@404zzz@stereophonic.space The GTK theme does look pretty cool though.
@inference @404zzz @thebiologist1117 The performance is good but it quickly becomes clear that it is a sketchy descendant of Arch Linux with some of the best wallpapers. Performance grows worse as new sketchy applications are installed.
The wallpapers are pretty cool but the system as a whole makes me want to move back to an FSF Approved Distro. God forbid if you want to use it for development. It's a distribution that demonstrates that apt might not be perfect but it is better than pacman.
The strong suit of the distribution is the wallpapers and some of the drivers. It will break on update just like Arch. Security is sketchy and perhaps the worst I've seen. There are many issues but I don't want to ramble on.
@inference @404zzz @thebiologist1117 Arch isn't much better. A common theme is that resources are being taken up on horrible ideas like snap and flatpack.
@inference @404zzz @thebiologist1117 If anything breaks the system it will almost always be an Update. It happened to me 6 times over a few years and I still say that the community is the worst part of Arch Linux.
>an FSF Approved Distro
Which one? There like only 6 now iirc.
Wait no just checked, 8 as far as the desktop ones go.
@dushman @thebiologist1117 @inference @404zzz I don't think that many are currently recommended. There's a Debian like one, an Arch like one and that's all I would trust. I used Parabola for around 3 years and it wasn't bad. The troubles of only FLOSS is less intimidating than trusting Debian as it is these days. It looks like trash and performs like it too. It only looked like trash in the past.
Eww...
@inference @404zzz @dushman @thebiologist1117 That's correct. Not many people would realize that nor what Libre Linux is.
I don't trust the microcode anyway. Perhaps it's safer to use it but if it was designed correctly, we wouldn't have to talk about bandages.
If there's a backdoor, it's unavoidable, but you're at least protecting yourself against typical security issues against normal people, such as Spectre and Meltdown.
@inference @404zzz @dushman @thebiologist1117 I'm aware of the microcode that goes back to 70s. I suspect that the patches aren't worth using and that the system can't be trusted even if fully patched. It's a flawed design and perhaps worth the risk in some uses to not patch the microcode.
I could very well be wrong but I'm not suggesting that it's the best decision. Imagine screwing up so badly that most of the computers in the world are vulnerable and continuing to sell processors.
Microcode updates are the same as any other security patch and should be treated the same way.
@inference @404zzz @dushman @thebiologist1117 I agree but some people like to explore. A flawed Lenovo Thinkpad UEFI allowed researchers to document what AMD's PSP was capable of.
> A flawed Lenovo Thinkpad UEFI allowed researchers to document what AMD's PSP was capable of.
This just effectively reverse engineered what it does. Nothing special about it. It's well known that both AMD PSP and Intel ME control the x86 cores from a low-level system management interface and won't even unlock to start the cores if they are broken or the signature doesn't verify. Is irrelevant to microcode. Whether you install it or not, you simply can't escape PSP or ME; only way is to not use x86 or ARM. Even ARM has TrustZone (which is what PSP is based on).
@inference @404zzz @dushman @thebiologist1117 RISC-V is even getting something that should do the same thing.
The researchers found that the firmware loaded from UEFI and it turns out that AMD wasn't fully honest about PSP.
There's a rumor that Intel, AMD and ARM were included in SIGINT for the NSA.
It's physically impossible to design literally perfect hardware or software. Something being flawed from the get go doesn't mean you should just avoid fixes or mitigations.
@dushman @thebiologist1117 @inference @404zzz Sometimes the flaw is so severe that the device should be recalled but a quick patch is cheaper and doesn't damage a reputation much. I don't update firmware or microcode on some of my personal devices because I like to explore. I've discovered a few things but I never had the resources to fully take advantage of what I found.
It would be easier to develop an exploit than my goal of making it function with open source firmware.
I'm a very niche case. If I physically own something I should be able to make changes to it.
True. You might as well keep it up to date to avoid bugs and vulnerabilities.
@dushman @thebiologist1117 @inference @404zzz Also to keep up to date with bugs and vulnerabilities. Like my old Fitbit fitness tracker keeping up to date and keeping fresh targeted advertisements. "Hot muscular bottoms dtf in your area." Going to the gym around 2200 every night might have helped the algorithm.
Manjaro users are in danger thanks to the incompetency of Majaro devs/maintainers. Simple as that.
It's so bad, it should be illegal.