Hi ! I’m a little confuse between all immutable versions based on fedora. Is this correct : universal blue = tool to create image, based on fedora atomic desktop ?

With universal blue, they created :

  • Bluefin = gnome
  • Bluefin-DX = gnome + developper tools
  • Aurora = kde
  • Aurora-DX = kde + developper tools
  • Bazzite = games

What the difference between silverble and bluefin for example, and which are you using ?

  • boredsquirrel@slrpnk.net
    link
    fedilink
    arrow-up
    7
    arrow-down
    2
    ·
    edit-2
    6 months ago

    Secureblue ships Chromium, is lead by a single person and does not care about privacy “if it leads to worse security” (i.e. preinstalling Chromium and removing Firefox, even though there is no evidence that Chromium is more secure, it may likely be less secure)

    • poki@discuss.online
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      6 months ago

      is lead by a single person

      Ultimately, (some) decisions are made by a single person. However, the list of maintainers suggests that contributions are welcome.

      > even though there is no evidence that Chromium is not even less secure)

      The double negation makes it hard to understand; but if I would give it a try, then I would get the following:

      “even though there is evidence that Chromium is even less secure)”

      If the above represents your views, could you provide said evidence?

      even though there is no evidence that Chromium is not even less secure

      What’s your take on Madaidan’s (i.e. security researcher on projects like Kicksecure and Whonix) article on the matter? I’m aware that it’s a bit outdated. However, would you be able to confidently claim that nothing found within is relevant today?

      • Shareni@programming.dev
        link
        fedilink
        arrow-up
        3
        ·
        6 months ago

        “even though there is evidence that Chromium is even less secure)”

        That’s not how double negatives work. The alternative would be:

        Even though there’s no evidence that chromium is more secure.

      • boredsquirrel@slrpnk.net
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        The article is very outdated and possibly not complete. ChromeOS uses Linux so you can assume it is very secure there.

        I miss a debunk on the exact points by firefox devs.

        But people everywhere told me madaidans article is not correct. Torbrowser also still doesnt use Chromium for various reasons. And that is the most security critical browser there is.

        • Aqler@discuss.online
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          6 months ago

          The article is very outdated and possibly not complete.

          Source to back this up?

          ChromeOS uses Linux so you can assume it is very secure there.

          Wut? I didn’t get this. Could you elaborate?

          I miss a debunk on the exact points by firefox devs.

          Does such a debunk even exist? Or do you hope it will be made at some point? Furthermore, do you imply that it deserves a debunk; hence its content is false? If so, based on what?

          But people everywhere told me madaidans article is not correct.

          Have they offered you a similarly well-backed and sourced refutation/article? Or did you simply dismiss Madaidan’s cited claims without anything to back it up? Do you think this is an academic/logical/sensible approach just because some randos said it’s incorrect?

          Torbrowser also still doesnt use Chromium for various reasons. And that is the most security critical browser there is.

          Tor Browser’s commitment to Firefox is probably more related to sunk cost fallacy, FOSS and trust than it’s to Firefox’ merits on security.

          • boredsquirrel@slrpnk.net
            link
            fedilink
            arrow-up
            1
            ·
            6 months ago

            Please just duckduckgo these questions.

            The article is from an old date and got no updates, security is a moving target so it is outdated.

            a debunk is not existent, thats why I miss it.

            I requested such an article of Mozilla devs long ago. There is a damn bugzilla thread, which helps a bit, but it needs developer documentation or something.

            Torbrowser needs to be secure. If the browser source cannot be trusted, or if Mozilla can be trusted more, then it makes sense to use it.

            • Aqler@discuss.online
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              6 months ago

              The article is from an old date and got no updates, security is a moving target so it is outdated.

              I agree that it’s not very up to date. Heck, I even said as such with “I’m aware that it’s a bit outdated. However, would you be able to confidently claim that nothing found within is relevant today? (Yes, I’m @poki@discuss.online). That’s exactly why the bold parts were included. However, instead of answering my question, you just called it outdated to dismiss all of its claims. But, that’s not how it works, you should -instead- state if it’s relevant or not. I.e. is everything mentioned within solved? Or are some issues still standing?

              Btw, if you go about duckduckgoing stuff, I actually do. However, apart from CHEF-KOCH, I couldn’t find anything on this matter. Furthermore, I couldn’t find anything on CHEF-KOCH’s credentials. So, why should I favor their opinion over Madaidan’s (that at least works on Kicksecure and Whonix)?

              a debunk is not existent, thats why I miss it.

              Clear. Thank you for explaining!

              I requested such an article of Mozilla devs long ago. There is a damn bugzilla thread, which helps a bit, but it needs developer documentation or something.

              Thank you for your effort! I tried finding the bugzilla thread but failed. Would you mind helping out?

              Torbrowser needs to be secure. If the browser source cannot be trusted, or if Mozilla can be trusted more, then it makes sense to use it.

              Fair. Someone who’s actually security sensitive would run it within a disposable qube anyways. And, in that case, security would have already been solved. So, Tor Browser can focus on privacy.

              • boredsquirrel@slrpnk.net
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                6 months ago

                However, would you be able to confidently claim that nothing found within is relevant today?

                No, not what I said. As said, there was no debunk and there were pretty hefty claims with a lot of backing facts.

                These are old but I read a ton of Mozilla bugs, and even reported some security relevant ones.

                So I know that even security relevant things may just get ignored or postponed.

                However, apart from CHEF-KOCH, I couldn’t find anything on this matter.

                Yeah same here. I was contributing a bit to secureblue when it was just starting, and qoijjj found the Chromium policies on some raaandom strange website for Windows Chrome group policies? It is crazy, these things are just not documented.

                This CHEF-KOCH dude, I also dont know what to think.

                Not being discoverable is nice, I recently decided to use a consistent username, as I kinda stopped being a noob all the time. It improves trust somehow.

                Mozilla and TBB people have threads.

                • Aqler@discuss.online
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  6 months ago

                  Thank you for your efforts! Thank you for the links! And thank you for being open and genuine! Hopefully Mozilla Firefox will ever improve until even its toughest opponents can’t ignore it. I wish ya a great day!