N.E.P.T.R

For work, you could also try Fedora Workstation or Linux Mint Debian Edition. Debian is pretty barebones, but if that isnt a bother then do whatever.

Not really needed on Android or in general. If all you want to know is whether your system is compromised, use Auditor by GOS.

Check out Maxima as a replacement for the EA app.

You can layer packages using rpm-ostree install $pkgname. It uses fedora repos. You can also (preferably) use a distrobox or toolbox container with a non-atomic distro and then install the desired package. Generally better to avoid layering packages but it works fine in my experience.

See if RTranslator meets your needs for a gtranslate alternative.

Also, Heliboard has swipe/glide typing and can use other STT/voice type apps. I recommend Heliboard + FUTO Voice Input.

Manjaro is notorious for being a shit distro with breakage and out dated packages from their repos. Instead check out CachyOS or EndeavourOS for easy arch-based distros.

To add to your list: openSUSE Tumbleweed, VanillaOS

I watched the video. Yes, if your sandbox config is weak then it will allow sandbox escapes. I agree the should default should be a secure sandbox. Bubblewrap offers the opportunity to shoot yourself in the foot. Look into the others tools I mentioned if you want to see different implementations. Sydbox is the one I think is the most interesting.

The only way I know to harden Linux Mint is using the Debian edition. Using LMDE, you can (unofficial) use Kicksecure to harden the base system. This isnt a great solution since the Linux Mint software is untested with Kicksecure and may/will reduce the security of the overall hardening.

Hardening is not useless, but it doesnt fix the architectural issues with Linux and its outdated threat model. That article says the same thing. It isnt an all-or-nothing situation, hardening still improves Linux security. Projects exist like SELinux, Bubblewrap, Crablock, Sydbox, and Landlock. Efforts to harden GNU/Linux have been made, like Kicksecure (Debian) and Secureblue (Fedora Silverblue), which protect against many threat vectors, but not perfect obviously.

/e/os is often behind on Android monthly security patches (sometimes up to a month or more!) and the apps they fork I have heard also often lag behind upstream. It also doesnt do much to deblob the ROM if proprietary binary blobs.

Comparison table of Android ROMs: https://eylenburg.github.io/android_comparison.htm

IIRC, they block 3rd Android ROMs (eg GrapheneOS) using Google’s Safety net service verification.

That is generally called the principle of least privilege.

Using a VPN should defeat the attack by having a different data center cache the media file.

Fitejail is a large SETUID binary which weakens security and can aid in privilege escalation. Use Bubblewrap (preinstalled on most Linux systems cus of Flatpak) which runs unpriveleged. Bubblejail is a program that makes it easier to make sandboxes profiles for apps.

Very interesting read.

You dont have to install over the drive. Retrieve any important files from the drive by booting a USB live OS.

Not exactly. Ironfox is a fork, not a direct continuation of Mull. I’m holding off on using it because I want to verify that the new fork can keep timely security updates. Ironfox is a big unknown.

Also seems to have way too many permissions. Maybe to work around some problem "flatpak"ing virt-manager?

Even if documentation can be time-consuming, it is such a lifesaver and makes the whole process of coding much smoother. It means not as much time wasted backtracking. If you think there is any part of your code you won’t understand when you coming back to it, document, document, document.

Sometimes I write some multiline psuedocode comments or/and an explaination of specific choices, especially those invisible choices you make while debugging that aren’t apparent when your just reading through your code.

Good thing to do is make code that is generally readable too lol.

Or are you? Try it, just a lil 😼