I don’t think Lemmy is more privacy friendly. In fact, its, arguably, even less privacy friendly that others.
I don’t think Lemmy is more privacy friendly. In fact, its, arguably, even less privacy friendly that others.
I kind of agree with your points, but I think there has to be a distinction of libs. Most deps should be static IMHO. But something like OpenSSL I can understand if you go with dynamic linking, especially if it’s a security critical program.
But for “string parsing library #124” or random “gui lib #35”… Yeah, go with static.
I have yet to find a memory hungry program thats its caused by its dependencies instead of its data. And frankly the disk space of all libraries is minuscule compared to graphical assets.
You know what’s going to really bother the issue? If the program doesn’t work because of a dependency. And this happens often across all OSes, searching for these are dime a dozen in forums. “Package managers should just fix all the issues”. Until they don’t, wrong versions get uploaded, issues compiling them, environment problems, etc etc.
So to me, the idea of efficiency for dynamic linking doesn’t really cut it. A bloated program is more efficient that a program that doesn’t work.
This is not to say that dynamic linking shouldn’t be used. For programs doing any kind of elevation or administration, it’s almost always better from a security perspective. But for general user programs? Static all the way.
Any site worth its salt (heh) will verify criteria on client for UI reasons, not just in the backend
Do people have such short memory? The US does it, yeah, it was a super major scandal years ago. Spying not just on “enemy” states but also supposed allies, as well as all citizens all over.
Set your build goals now (check !buildapc@lemmy.world ) and use alerts/price trackers to see good deals. There are some good deals on Black Friday but many are bogus, its to better to check every now and then for deals.
Yeah, the password is much better. In Windows you also realize it because the admin screen is hard to miss, but you can just go ahead and accept it, since many users run their PC as admins.
I mean, in europe they are more expensive, 4070RTX was about 700€ (770$). Different currencies and different taxes. And greed.
If you have root in linux you can disable that, so you are in the same state. You could also selfsign.
This is an issue, but IMHO quite overblown.
nVidia GPUs:
970GTX was 329$ in 2014
1070GTX was 379$ in 2016
2070RTX was 499$ in 2018
3070RTX was 499$ in 2020
4070RTX is 599$ in 2023
Probably, the 5070 in 2025-6 will be 650-700.
With admin privileges you can do the first one though, as the whole revocation list on certs is a fucking general mess (and that applies to web in general, not just windows).
In general if your attacker is admin or has tricked you into executing something as admin, you are pretty much fucked, regardless of drivers.
No, that exploited a legitimate driver to be a point of entry and enable other attacks, and is much more problematic.
This enables attackers to make non legitimate drivers appear legitimate to windows, but they have to be installed anyway, requiring admin privileges.
Yes and no. It’s an escalations issue. Even with administrator access, you are not supposed[note1] to be allowed to install drivers with invalid signature, which supposedly haven an even high chain of trust (although this really iffy unless you are using secureboot as well but that’s another discussion).
That said, when the attacker already has admin privileges you are so far in the compromised chain that the kernel driver is an issue, but you are most likely completely fucked anyways.
This just makes your vulnerability state to be the same as in linux, where your drivers arent required to be signed in the first place, for example.
[note 1]: There’s a caveat, with admin acess you can disable driver signatures entirely, using bcdedit, this is called test signing and leaves a visible watermark at all times with “Test signing enabled”, therefore the user can already see that the computer is compromised. Its mostly useful for devs (or attacking people who dont give a fuck).
The whole signing of kernel drivers and UEFI code has always felt more of a walled garden/security racket to get actual legitimate hobbyist/open source to pay a shit ton for certificates, rather than actual security. Especially with all the hoops with older version support (if you wanted to fully support win vista or early7 you needed to dual sign with sha1, and most cert companies didnt know that and you had to fight with them to provide one), and the super shitty page that was the windows development hardware center for signing.
Linux Kernel is kind of a bad example since its one of the examples of project scaling with many people from many companies. Even if you want to go with its inception, it came from Unix which already had many people. Of course, its also one of the best examples of actual leadership, proper technical people management, which is something very hard to come by. Its also a great example of how to divide your design and make it scalable, so people are working on different parts totally independent on each other.
That’s all actual, proper, work, not whatever crappy slide presentation passes as leadership on many places.
Not to mention, Pomegranate in Spanish is Granada, literally Grenade. It’s also one of the more famous regions in Spain, and it exports a lot of that fruit, which, as is usually the csse, has both Spanish and Portuguese on the labels to reduce costs.
No one in Portugal should jump to that conclusion unless they are ridiculously xenophobic.