Sorry, misunderstood. Proxmox Free broke my containers on updating a while ago.

Now I use Docker-style application containerizing, but I think LXC (the base technology powering Incus/LXD) is useful in a number of situations and perfectly viable for use. I think Incus-containerized applications are easier to upgrade individually (like software updates of your apps, no need to recreate the container image) and gives a closer to native experience of managing. You do lose out on automated deployment of applications from widely available image sources like docker.io, but the convenience-loss is minimal.

If incus works for yoy, use it. Proxmox locks you out of the option to choose your base server distros.

I remember updating (maybe a year ago now) and it making all my containers unaccessable.

DivestOS is the most thoroughly degoogled of the android ROMs (it removes the most proprietary binary blobs). DivestOS is also decently security hardened, better security hardening than any other Android ROM other than GrapheneOS. But since it removes more of these proprietary blobs, it further reduces the attack surface of the ROM. Both GOS and DivestOS are good options. As commented by another user, /e/OS falls behind on security updates often, which is quite bad for a security or privacy focused OS.

I assume they mean proprietary code blobs.

If they want proper anonymity, the user needs to protect against fingerprinting from the duckduckgo website (Tor or Mullvad). If by anonymity you are meaning from OpenAI, then duckduckgo needs to be running user’s text prompts through a paraphrasing LLM to normalize text and avoid deanonimization using writing-style Fingerprinting.

Unofficial MCPE launcher is the only way to run bedrock on Linux

Many mechanics, and bugs, and features. Redstone is very different because the bug/exploit parity doesn’t exist and even obvious features are different (Redstone attaches to pistons). When they add a new mechanic, the bugs are different and unique to each game. Like because cauldrons can hold potions in bedrock, you can (idk if its changed) use the newish block dripstone to increment the potion fullness, duplicating it.

I assume it has documentation, otherwise you can look at the Flatpak docs to see the equivalent terminal commands that are available in the GUI. Flatseal is pretty intuitive in my experience.

On linux for the Obsidian Flatpak, you can deny it having internet and filesystem permissions using Flatseal.

How recently. I tested with Mullvad and it gave me a notice.

They block VPN users.

deleted by creator

Microsoft Activation Scripts (MAS)

Alternatively to upgrading edition check out these apps:

• KDE Connect
• Syncthing

Yeah, any security focused android ROM won’t include root because it breaks the android security model. Breaks the ability to have secureboot and system safety checks by apps.

DivestOS is the most degoogled (removes the most proprietary blobs) android ROM. See if your device is on this list: https://divestos.org/pages/devices

1. My point was that standard linux should have those things too if it wants to be considered “secure”. Default Linux isn’t secure out of the box without a lot of work. It is more private than proprietary OSes but not more secure, therefore compromising your ability to safeguard privacy as a result. Linux is also a great target for threat actors because the majority of servers run Linux, meaning security researchers and cyber criminals alike are looking for weaknesses. I’d recommend looking into Android’s Security model because it is interesting and gives insight on designing a secure mobile device. Stock Android suffers from OEMs not providing consistent long-term updates for devices, which 3rd party security hardened ROMs like DivestOS and GrapheneOS help to address.

Extra reading: see Whonix comparison table to see what they look for when choosing a base OS that can be later hardened for security. Note that some things in the table are not security specific but important for anonymity (which Whonix modifies to Kicksecure to better protect). Whonix is a security focused operating. Here is a comparison of different memory allocators showing their features for preventing different types of exploitation. Memory based attacks consistently are reported to be one of the most common types of attacks.

2. Here is a link to the Wikipedia page on Linux-libre Kernel. I’m not suggesting this should be the default, was just making a point that binary blobs may be needed in a kernel for compatiblity or security (eg updating firmware that is vulnerable when that happens).

Point still stands. postmarketOS isn’t hardenned. Default desktop linux isn’t hardened. Malware could easily infect your device and exfiltrate data, escalate privileges, modify the kernel, etc. Each of the things I have mentioned (hardened_malloc, immutable OS, hardened kernel, hardened firewall, removal of identifiers, full disk encryption, locking of root login [not the same as invoking root], MAC hardening through SELinux or/and AppArmor, service minimization for reduced attack surface, package manager hardening, secure boot, sandboxing of applications, etc) should be implemented for both Desktop or Mobile Linux to have “good” security. Security is preventative. All of these things come together to create a system better equipped to protect against know and unknown threats, which especially true for mobile devices which are near-costantly in unknown environments. A vulnerable device is weak link in the chain of your security, which can be used to compromise your privacy. You may never be attacked or have your device exploited, but that doesn’t make it secure as a result.

I would love to see an actually secure mobile device that is rid of Google’s stench. Problem is postmarketOS isn’t secure, its just default linux on a phone. If it saw largescale adoption (which we all would like a good alternative to do) it would be easily exploited.

It says postmarketOS is based based on alpine Linux, which according to Whonix doesn’t meet their threat model and it’s odd to claim “Alpine Linux was designed with security in mind” when Alpine’s package doesn’t pass The Update Framework model. A vulnerable package manager can be used to compromise a system, read more package management on TUF’s website.

Did you go to any of my links about Linux hardening? Do you implement any hardening yourself? Do you harden kernel flags or replace malloc with hardenned_malloc?

If PostmarketOS is just ARM linux with minimal changes than it isn’t secure enough for a mobile device. All apps should be sandboxes regardless of whether you can trust the code or developer. Each app expands the attack surface of your device.

Linux kernel also has proprietary blobs for firmware and device support. That is the difference between Linux normal or libre kernels.

Nah I dont think that at all. But DivestOS and GrapheneOS are the most security hardened. DivestOS takes extra steps to further deblob Android of proprietary bits to further reduce attack surface. See my other reply for my detailed (barely scratching the surface) insight into why Linux isn’t a good mobile OS, but more so how Linux isn’t security hardened well at all by default.