So you say Microsoft doesnt “actively seek influence”?? LOL

It was easier than taking over zstd for sure

Has no filesystem sandbox whatsoever. They just pretend it is fine, causing uBlue devs and others to think it is okay to remove native Firefox

Btw how are they the only ones hopping on to XZ?? Like, everyone is switching to zstd currently.

Well, Windows is worse by far

I tried the ublue image, when it wasnt under the ublue name yet. Worked pretty great, I will test the current state soon!

Their ISOs are uninstallable. I wanted to test it, will need to to a #silverblue install and rebase… which #uBlue doesnt document ANYWHERE

I guess no Wayland support, which is pretty big

Strange. I wonder if this is the same as “hunters need to hunt deers because we have no wolves”.

Normally trees die and stay there, etc. I never heard that natural old growth forests need wild fires.

Why? Where?

Naturalistic Fallacy

Update: yes this is still true. MullvadVPN and ProtonVPN (which I dont recommend) both patch wireguard to work with less logs.

Officially, Wireguard cannot be no-log

Fixing their damn sandbox would be something truly useful.

Implementing a fork server so Flatpak AND Android Firefox can stop being fucking insecure for no reason.

The desktop version uses Electron, a shitty Chromium + Node.js framework for devs that really only want javascript and web tech

True, forgot about that.

Alternatively yeah some system to load the data online, autodelete after a while of not logging into something.

But the question really is “why?”

Disk encryption should deal with everything. Secure boot and usbguard are useful anyways.

THIS prevented you from switching?

Afaik screenshare always worked when using Discord in a browser

Which it isnt

Yeah because Flatpak firefox is damn insecure!

Please dont use it. Firefox devs dont care. Flatpak restricts browsers from spawning “user namespace” sandboxes for filesystem isolation.

Chromium uses a fork server (zygote) and breaks when it cannot spawn these sandboxes. So developers created zypak, which allows to isolate processes using bubblewrap, the Flatpak sandbox.

Firefox just runs without a sandbox, and doesnt have a fork server, so nobody cares.

Without process isolation, you have less duplicated content. This saves space but IT IS INSECURE.

Please use a non-Flatpak Firefox version.

There is no reason why a “Zen Browser” should use less RAM than Firefox.

• use a non sudo user for the user
• somehow get the IP address of that laptop all the time. There are dynDNS solutions like this where the client just needs to automatically download a certain file daily and you know his IP, my implementation is here.
• have ssh access to root with a ssh key. The usual hardening, fail2ban, block using passwords
• open the port for ssh on the clients system

If something goes wrong, login via ssh (you know the dynamically changing IP) and remove a directory or the entire user.

You cannot avoid that a user would copy files from there to a usb stick. Well you could, by using usbguard. Works really well in my experience, just prevent nonsudo users from adding new devices.

And then you need to prevent the user from booting another system, or taking out the SSD and reading it. TPM and boot lock is the right thing here, what Max-P wrote.

Everything that does something is a file. No files, no existence ;)