You don’t really need to switch to a different distro. Just avoid snaps/flatpack/… and use a more lightweight desktop like XFCE and you should be fine.
You don’t really need to switch to a different distro. Just avoid snaps/flatpack/… and use a more lightweight desktop like XFCE and you should be fine.
Known-good meaning a tested and working configuration The bugs are fixed upstream and they get pushed via the method of distribution, which is Flathub in this case. Well, fixes don’t normally need to be backported because flatpaks are usually fresh.
There are a few assumptions in here in order for that to work: the known-good version needs to be the latest upstream version (otherwise you might not have the latest security fixes) and users need to be comfortable always using the latest flatpak version. Some users might be more comfortable staying on a known stable version for some time.
For notifications, you’d have to follow the relevant projects directly.
Right, and each project will have its own way of handling security issues (particularly when it comes to older versions). Will they point out that versions x - y of their flatpak are affected by a security issue in component z?
Flatpaks can guarantee you have a known-good dependency chain directly tested by the developers/maintainers themselves
What does known-good mean? What if a security vulnerability is found in one of the dependencies. With an old-style distribution there is a security team that monitors security reports and they will provide a fixed package. With flatpaks it’s not clear to me if those developers will monitor each dependency for security vulnerabilities and how they will handle that. Will users even be informed about a security issue, will a fix be backported or will it only be available in the latest version?
and newer versions won’t run due to library dependencies.
Mozilla seem to be able to limit library dependencies in their builds: https://www.mozilla.org/en-US/firefox/system-requirements/
But are they actually doing this? I am not seeing any changes: https://launchpad.net/~mozillateam/+archive/ubuntu/ppa still has the .deb packages
You mean like https://manpages.ubuntu.com/manpages/jammy/en/man8/snap.8.html
Still better than a random user claiming
This is a massive security vulnerability
with no justification whatsoever.
Verifying a snap package’s authenticity seems to suggest otherwise. What’s the source for your claim?
Was there even a change to the Firefox PPA? I am not seeing a change.
That link appears to be for a Windows driver.
The description says:
In this video, we’ll do a deep dive on what C++ Polymorphism is, what “virtual” does under the hood, and ultimately why it is SUCH a performance hit compared to languages like C and Rust.
This is not about compile-time polymorphism.
deleted by creator
It would have helped if you had actually posted a link to the correct web site.
Do you mean huntr.dev then? hunter.dev redirects to https://www.linkedin.com/in/williamhuntermitchell
Edit: not sure, huntr.dev says “We accept vulnerability disclosures in most public repositories on GitHub.”
“they put ads in the terminal” isn’t really accurate.
Their “ubuntu-advantage-tools” adds information to one of their other products to the output of apt. You can easily get rid of that by uninstalling/replacing “ubuntu-advantage-tools”. It’s definitely not like they are selling ad space in your terminal to third parties.
How is only having an LTS version vs. having a choice between using an LTS version or a non-LTS version not a downside?
but it’s limited to Ubuntu LTS versions
Mint would be based on Ubuntu 22.04, but I’d like to have something more up-to-date. I believe all other .deb based distros have the same issue that they are not as up-to-date as Ubuntu 23.04?
I am using a single package from Mint, the rest is Ubuntu 23.04. Mint would otherwise be based on Ubuntu 22.04?
Not sure if they have only just added a clarification, but it now says
Notwithstanding the above, Zoom will not use audio, video or chat Customer Content to train our artificial intelligence models without your consent.
XFS is 29 years old and certainly still in use as well.
You mean, don’t trust a flatpak uploaded by a random person, but if there are enough fake reviews, it can be trusted?