What the fuck is a gentoo?
"Well, we raided his mom's house and confiscated all his cobbled-together e-waste."
"And!?"
"His drives were encrypted. Apparently he 'applied PQC patches to dm-crypt himself', whatever that means. All I know is that it made the guys from NSA scream. There was nothing we could do."
"So we've got nothing?"
"Oh no. He happily gave us both the keyfile and the passphrase."
"So..?"
"No warez, no CSA, no political manifestos or illicit recipes. Not even tax evasion - it's not like he has an income. Just... copyleft source code as far as the eye could see."
I lol’d at this. But seriously, privacy is a fundamental human right. You don’t need to have something to hide to assert your right of privacy.
Yeah the government doesn't understand we don't want you to be sociopaths with the excuse of our safety.
There’s also the issue of changing legality; what’s legal today might be illegal tomorrow
copyleft source code is a telltale sign of communism, thus anon can be associated with Big terrorist like the Antifa.
open source collaborative software is anarchy. Book him
Only asymmetric encryption, like PGP, has problems with quantum computers. Symmetric, like AES, used by dm-crypt, is not affected by quantum computers. It doesn't rely on multiplied big prime numbers or stuff like that.
FOSS gang rise up!
The NSA dude screamed in ecstasy because someone finally used his dm-crypt patches.
my spirit animal
Linux nerds literally only want one thing and it's fucking the idea that your full disk encryption will pay off one day.
It's when your disk breaks and you can just throw it away without worries.
What's þe fun in þat? I bought þe giant electromagnet electric media wiper for a reason.
It can, but most likely it only would if you're doing illegal shit and get caught. They'd search your place for evidence and FDE could keep them from discovering some things.
But uh, if they got that far into investigating you then you're probably already screwed.
Not true at all. Governments regularly raid political dissidents. It's a disciplinary tactic in and of itself. I've been raided for plenty of shit and never been convicted of any crime.
Doesn't need to be a government but just common thieves getting your computer and selling it to someone who knows what to look for.
It pays off the moment someone steals my bag with the laptop when I leave the office or coffee shop.
One of these days! 🤞
your full disk encryption will pay off one day
The day you fuck up your password one too many times and lock yourself out of your own computer.
Is there any reason to do full disk encryption, vs encrypting a single partition or a folder with eCryptfs? It’s not like your /usr/bin, etc… needs to be encrypted, but encrypting it reduces performance.
Suppose you're in some hypothetical country where torrenting is illegal. The presence of /usr/bin/qbittorrent on your disk could be enough to face charges. Unencrypted /var/log? Maybe they can see you've been running a cryptocurrency miner. There could be plenty of data outside of $HOME on your computer which a cop might try to use against you.
In the most paranoid hypothetical scenario, someone could mount your unencrypted /usr/bin and replace openssl with a compromised version.
Is there any reason to do full disk encryption, vs encrypting a single partition or a folder with eCryptfs?
One obvious reason is that it just is very simple to encrypt the entire disk and be done with it.
all the 3-letter agencies pool their resources
billions of dollars are dumped into the project
several years later they manage to decrypt all of this guy's communications
it's nothing but chats about how to encrypt shit
I'm in this post and I like it.
Thoughts on Gentoo over something like Fedora? (Or whatever you're using)
I run Gentoo.
It's made my fundamentals stronger.
It allows me to run the minimal number of codepaths.
Every now and then it makes me happy. Sometimes proud of myself. All because I solved some problem that was helped by the mindset Gentoo had set up.
Gentoo is fun and a nice way to learn more about computers. Their wiki and their community was really good when I was into it, I'm sure it still is. But compiling everything from scratch is quite demanding of your CPU and your time, so it's not really something that you run as your daily driver for long.
I legit spent the afternoon the other day installing Linux on my first non-Raspberry Pi machine since 2007. It is a 13 year old laptop with NVidia GPUs (2). It went perfectly smoothly and Linux sees both GPUs. I tried Megabonk on it and it runs at 60FPS maxed out. I encrypted the drive. Bless you, Pop!_OS
Time for the $5 wrench...
Or just beat the shit out of them and get the info you need (or more likely want).
Relevant xkcd: https://www.explainxkcd.com/wiki/index.php/File:security.png
Yes, that is how you'd use a wrench in that context
Yes, that is what the wrench is for...
check the IP logs
It's all encrypted? This guy uses VPNs and Tor?
Presuming that Mossad can be topped with a subscription to ProtonVPN or a Tor browser is adorable. Hell, presuming nobody in the intelligence services is familiar with Linux is even more adorable. "We've got everyone at the NSA fooled because we're Arch users". Yeah, sure buddy. What do you think these professional computer nerds are doing in their own free time?
Where do you even think encrypted applications come from?
most of these security agencies' effectiveness is just in the myths they've built around themselves of actually being effective.
mossad in particular, just has a complete disregard for killing innocents and a really good propaganda wing to suppress all their fuckups.
most killers are not right in the head, they act on pure emotion, they post "i am going kill X" online to their social media of choice the night before going to kill X...it's dumb as shit. that's how low the bar is on utilizing violence
fact is lone wolf threats are practically unstoppable, especially if they have a modicum of competency
this is also why it's said killing gets easier/"first one's the hardest" etc. even if you're not some sociopath (which, most people as a whole aren't)...once you know and understand just how easy it is to kill people and get away with it...lot of the world's problems start to look like they have very easy solutions...
I mean, tell it to Jeffrey Epstein. The man was pulling strings halfway around the world with his endless supply of blackmail and bribery.
Also lots of killers seek psychiatric help voluntarily (and are often sadly ignored). For a sane, moderately competent person it's easy to plan the perfect murder or terror attack -- it's a different thing to carry it through because a sane person also has mental guardrails.
Mossad is effective because Israelis are ruthlessly trained to dehumanize anyone who's an obstacle to their goals.
From security agencies, presumably...
Got me? No!
Security agencies create encryption for their own usage. This means they want it to be mathematically as strong as possible, to protect their secrets from enemy security agencies. Why would they backdoor their own protection system?
They'll just go through the side door instead.
The Snowden docs proved that the NSA was intentionally weakening some encryption standards to make them amenable for cracking.
Then there's also the constant pressure from the FBI to make it law that encryption technologies must have backdoors. These are both public record.
I don't think they'll be prodigies or anything but they probably know literally one or two tricks or weaknesses that they heavily depend upon.
So you can never really feel secure (that's not to say take no caution).
Yeah, this isn't like using OpenBSD! /s
I tend to just operate on the principle of: I know my setup probably wouldn't hold up for a second if some sort of organized three-letter government body decided to focus on me, but my threat model is more the kind of general internet-sweeping surveillance fuckery that goes on. I'm not doing anything especially dodgy on the internet and I think messing around with privacy stuff is fun, so my security level is faintly absurd for what it is. I'm sure someone could crack it if they were determined enough, but I assume the amount of effort required relative to what you'd find would just make it pointless anyway.
Ah yes, a Linux teenager's power fantasy. Hardened Gentoo and Selinux beats deblobbing btw, noob.
Selinux
Hey, let's not get crazy. I still want to use it for practical things, too. /s
You can't impress me with a bog standard Gentoo. If you want to show power, build a fortress. At least put some tripwire you mostly trip yourself on (program that keeps an encrypted hash database of your system files to find intrusion changes, needs an update with every update of course or it alerts only your negligence).
"His fucking kernel is deblobbed too?"
As a noob, I genuinely can't tell if this is real jargon or not
It's referring to binary blobs. A windows exe might be a binary blob.
These are distributed compiled. Even if the project is open source, the binary blob might have been generated by a compromised compiler.
This is one of the reasons the XZ Utils compromise went unnoticed for so long. One of the compressed files used for testing contained malicious code that would be included in the build artefacts (i.e., the final compiled binary) under very narrow and specific circumstances.
So "deblobbed" means absolutely everything in the OS was built & compiled on their computer from original source code
Thanks! I wonder if I will ever reach that level of privacy paranoia. At the rate that I'm going, maybe 5 years.
Thanks. But I don't understand why any of that ensures that the compiler isn't compromised? Do you mean they have presumably vetted the compiler themselves first? This is something that would be incredibly time consuming to do, assuming we are talking about gcc or something equivalent, which, I mean if you're compiling an OS...
Lol tell me your computer is blobbed without telling me your computer is blobbed!
I would love to be fully open source but what metal to use..?
Tower's explanation of blobs is kind of strange and not really correct. In a general sense a binary blob is just a situation where you have open-source software that is combined with proprietary components.
Most relevant example to the meme is that the Linux kernel is open-source, but can sometimes contain drivers that are proprietary and don't have source code available. Those proprietary drivers would be the blobs.
As a counter-example, the linux-libre kernel that devfuuu linked to, is a version of the Linux kernel that has had all the blobs removed.
Oh that makes so much more sense <3
12 hours a day on his computer
Those are rookie numbers, he has to get his game up.
Last line should have been "we can't, he lives on the street"
Or live in a van.
DOWN BY THE RIVER
With tax and license plate requirements? I think not!
Not a hackerman, but I really don't think that 12yo CPU is much more secure than a modern one.
If we're talking about security, the newer CPUs have better microcode. Those older CPUs are vulnerable to attacks such as Spectre. Older boards supported by Libreboot, such as the Haswell boards (e.g., Dell 9020 OptiPlex), support 100% free BIOS firmware, which is to be used in conjunction with 100% free software. If you do so, you will have more security, freedom, and privacy than any other modern consumer grade computer.
Then again, these boards are old, so, given the microcode is old, if you're running a virtual machine with a bunch of malicious software, an attacker can potentially exploit your host's CPU and break out of that VM. Of course, determine your threat model. Are you running no JavaScript ever and only using libre software?
A deblobbed kernel isn't great either in some cases, you may need some patches. For example, someone was able to exploit Intel's iGPU on these older boards and gain complete access to your machine. The only way to fix this is by using a blob. Though, if you strictly only use libre software, this wouldn't be a concern as much so you wouldn't need this blob.
If you stick strictly to 100% free software, older hardware and a deblobbed kernel might be appropriate. But if you need to run blobs along with other proprietary software like JavaScript, the security provided by something like the Intel iGPU blob patch could be beneficial.
It will prevent you from doing a lot of the things that will get the NSA interested in you?
Imagine trying to brute force a password on a Dell.
A correct assumption
Probably a reference to coreboot systems and maybe RISC stuff like open SPARC.
Let them try to hack my C64 ✊🏻🤘🏻
Older ThinkPads had socketed CPUs, allowing you to upgrade to pre-IME Intel chips.
The extent some people go to refuse their privacy being stepped on. These people like this are pathetic. /s
BRO JUST LET THEM DO WHATEVER THEY WANT YOU'LL BE FINE AS LONG AS
Y O U H A V E N O T H I N G T O H I D E
At least there are cameras tracking everyone’s movements now.
And local cash-accepting taxi companies have been replaced by two cooperative companies, so that loophole is almost closed.
😩
Frankly, I think the people with more to hide are more virtuous than I. Labor organizers, activists, etc. If you're working to overthrow my country, awesome. Best of luck to you.
But it's also fair to say most of us will not truly benefit from writing a custom boot loader and after a certain point this is just a hobby.
Ah, the call of the total information warrior - "If you have done nothing wrong, you have nothing to hide": do they track your phone wherever you drive? Ever drive past a crime in progress unknowingly? Can you prove you were not participating in the crime? Even if it is the dead of night in the warehouse district on your way home from work?
For me it's because you all never went far enough. It's not about data privacy. It was always about data scarcity. You all wanted content creators to get paid while also using that same platform to keep your stuff private. Except the way content creators get paid is working for websites and corporations that steal your data and create profiles that information brokers can trade amongst themselves to build larger profiles where they don't even need you to use any of their systems just to build your profile. But you like random bearded guy that makes cat comics. We should have always been hostile to anyone using the internet to create content in order to sell it.
if these folks were serious about their privacy - they would be running fucking Qubes
Are they in the room with us now?
Can't have ring -3 vulnerabilities if your CPU doesn't have a ring -3
This is cute and all, but I'll bet that <country-s-intel-agency> would have other ways to get into your computer.
edit: wrong ending bracket
/rant: can we get angle brackets back for god sake?
I got into gentoo because it made patching the kernel to hold luks keys in debug registers instead of RAM easier than Arch 😅
Lmao
A government hackerman would be the same guy. Except working for the government.
I love this idea when in reality they probably have some Israeli 3rd party that they use that can just pop any system in under an hour regardless of any protection you think you have.
Hero.
Literally just spends all day commenting hacker news posts
I'm like this post but I use GNU Guix System instead of Gentoo and GNU Boot instead of the old fully free Libreboot (and I have my own apartment lol).
Hello, Fellow Guix-SD user.
We can get around Intel ME?
Don't buy an Intel CPU :)
AMD has PSP, same bullshit. I'm not ARM ready either.
I could be wrong, but if I remember correctly, the Thinkpad x61 was the last version to ship without Intel ME, and I assumed the meme was a nod to that.
Pretty sure there's a script somewhere that neuters it a bit.
Some computers do not require having the ME firmware installed. Usually, these are computers supported by a 100% free BIOS replacement such as GNU Boot (see the compatible models on the website). Libreboot was fully free in the past but it's not true anymore since it does now support computers needing the ME working (at least for computer initialization) but neutered so that most of it can't operate. However, you can't be sure whether a neutered ME is harmful or not since we don't know what it can really do as the initialization source code is not known.
I don't know, but I'm down with the clown... oh sorry, I thought you asked what was a Juggalo
"Hang on, you mean to tell me this fucker barely uses the internet or TV at all anymore and instead just reads books and watches old films on disc? Like real books, not ghost-written memoirs of our favorite elites?"
What if I don't remember my own password?
It says "until" so you'll be having plenty of time to remember it.
yes
there was another crypto kidnapping (also in russia) a few years ago, they tortured him and got all his apes. DeFi, kinda scary
give them the duress password gg
Gonna become the $2 waterboard rag method for insubordination
"If this password doesn't work, I'm going to break your thumbs."
"Uh...."
"Yeah, it's not the real password. Let's break his thumbs and ask him again."
Feels more and more likely living in the land of freedum right now.
Free drugs!
Free Wench hits, too.
Anyone remember rubberhoseFS or Veracrypt multiple hidden vols?
It's cute that anyone thinks situation 2 would be necessary and that encryption couldn't be broken with the press of a button if someone seriously wanted your info.
Fantasy land.
Privacy is a human right, but our rights were eroded long ago.