<ahref=index.xmltitle=RSSaria-label=RSS><svgxmlns="http://www.w3.org/2000/svg"viewBox="0 0 24 24"fill="none"stroke="currentcolor"stroke-width="2"stroke-linecap="round"stroke-linejoin="round"height="23"><pathd="M4 11a9 9 0 019 9"/><pathd="M4 4a16 16 0 0116 16"/><circlecx="5"cy="19"r="1"/></svg></a></h1></header><articleclass=post-entry><headerclass=entry-header><h2>Choosing Your Desktop Linux Distribution</h2></header><divclass=entry-content><p>Not all Linux distributions are created equal. When choosing a Linux distribution, there are several things you need to keep in mind.
Release cycle You should choose a distribution which stays close to the stable upstream software releases, typically rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such example) rather than bump the software to the “next version” released by the upstream developer....</p></div><footerclass=entry-footer>5 min · 944 words · Tommy</footer><aclass=entry-linkaria-label="post link to Choosing Your Desktop Linux Distribution"href=https://privsec.dev/os/choosing-your-desktop-linux-distribution/></a></article><articleclass=post-entry><headerclass=entry-header><h2>Docker and OCI Hardening</h2></header><divclass=entry-content><p>Containers aren’t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries....</p></div><footerclass=entry-footer>19 min · 3925 words · Wonderfall</footer><aclass=entry-linkaria-label="post link to Docker and OCI Hardening"href=https://privsec.dev/os/docker-and-oci-hardening/></a></article><articleclass=post-entry><headerclass=entry-header><h2>Linux Insecurities</h2></header><divclass=entry-content><p>There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix’s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post....</p></div><footerclass=entry-footer>2 min · 238 words · Tommy</footer><aclass=entry-linkaria-label="post link to Linux Insecurities"href=https://privsec.dev/os/linux-insecurities/></a></article><articleclass=post-entry><headerclass=entry-header><h2>Securing OpenSSH with FIDO2</h2></header><divclass=entry-content><p>Passwordless authentication with OpenSSH keys has been the de facto security standard for years. SSH keys are more robust since they’re cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They’re also easier to manage while enabling a form of decentralized authentication (it’s easy and painless to revoke them). So, what’s the next step? And more exactly, why would one need something even better?
<ahref=https://github.com/adityatelange/hugo-PaperMod/rel=noopenertarget=_blank>PaperMod</a></span></footer><ahref=#toparia-label="go to top"title="Go to Top (Alt + G)"class=top-linkid=top-linkaccesskey=g><svgxmlns="http://www.w3.org/2000/svg"viewBox="0 0 12 6"fill="currentcolor"><pathd="M12 6H0l6-6z"/></svg></a><script>letmenu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();vart=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>varmybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>