Has bugs, is way too complex for the given functionality, and is completely unneeded in the first place--yes, get rid of the damn thing. Unless of course you enjoy getting "your" system OWNED and dominated by bad actors.
My custom distro beats the brakes off junkware like Ubuntu and (lol) Windows in startup time and responsiveness, and has all of the functionality I need, with half the code and as a result much fewer gaping security holes.
Computer security is an absolute nightmare these days. Intelligent people should be simplifying things and stripping everything down to the bare minimum, instead of stacking more crud on top of endless crud.
Those who fail to SECURE their systems and workflows will one day in the near future be surprised as shit to find that the entire "cloud" has been hacked and destroyed by worms and their system trashed right along with it. At that time, the world will be divided into two camps: computer owners (me and my kind) and non computer owners (everyone else.)
Who cares? If you don't take computer security seriously, you won't be computing much longer. Before it's over with, mine will be the only opinion still in existence. It's called "natural selection."
>is way too complex for the given functionality, and is completely unneeded in the first place--yes, get rid of the damn thing. Unless of course you enjoy getting "your" system OWNED and dominated by bad actors.
This is a rather nonsense statement. Polkit (or something like it) is needed if you want to have those macOS-style "program A wants to have permission to access privileged resource B" security prompts in the GUI. It's about as complicated as any similar solution needs to be for that use case. Perhaps you find these to be annoying and you disable them so they always succeed, but with that you've effectively given every program permanent suid root access. Definitely simpler, but can you say it's less of a security nightmare? I wouldn't. Yes there are risks of vulnerabilities in any security layer, but without them you've got no security layer at all.
If those checks always fail, you've now lost that functionality to do anything requiring elevated permissions and made your system less useful. You could get it back by installing a suid root tool like sudo/doas but that opens the same hole again that elevates these problems from a crash into a CVE.
I don't want or need popup permission prompts. If something needs to run as root, I run it as root from the console, as God intended. In the process I am assuredly avoiding all sorts of potential security vulnerabilities, such as this polkit code which is not installed on my system. Now get off my lawn.
Computer security really isn't THAT much of a nightmare for an average user. How many people do you know that got hacked lately, for any reason other than not using 2FA, or installing random garbage?
If you don't own cryptocurrency(That is more critical because it can't be reversed), you're probably way more at risk for physical theft than cyber crime.
In fact I think we are more secure than ever before because browser sandboxing actually works worth a crap, unlike 10 or so years ago.
The more you strip out of a system, the more manual work you need to do, and the closer you get to just a fancy version of a pencil. Technically, every line of code is a security risk.
But a lot of things just... are barely worth it when ultra simplified, and you start spending more time than you save at a certain point.
This bug is pretty bad, and I could see distros getting rid of it, but only with plenty of thought and analysis and maybe a replacement. They clearly put it there for a reason. Lots of stuff seems to need it.
And unless you use sandboxing or multiple accounts for different things.... if you have attackers running as your user, you are already screwed.
You're part of the second group I mentioned: the one that won't be computing much longer.
> Computer security really isn't THAT much of a nightmare for an average user.
"Average user" and "common idiot" are one and the same. Common idiots never see danger coming until it's too late.
> How many people do you know that got hacked lately, for any reason other than not using 2FA, or installing random garbage?
It's not about what has happened, it's about what easily CAN happen, and therefore WILL.
By the way, 2fa being forced down everyone's throat is not for your benefit. Notice how they never will allow you to use a voip number for 2fa? How could TPTB track your every move via GPS if you use voip?
> If you don't own cryptocurrency(That is more critical because it can't be reversed), you're probably way more at risk for physical theft than cyber crime.
LOL. Crypto is a scam. Bitcoin is going to crash to zero, and you're going to lose everything. Next TPTB will introduce their own Officially Approved digital currency, which is specially designed so that your account can be locked or restricted or emptied with the click of a mouse button, and so that you cannot possibly ever avoid any taxes.
You've got some tough lessons to learn about how the world works.
Meanwhile my use of physical, hard currency will keep me free and at liberty forever.
> In fact I think we are more secure than ever before because browser sandboxing actually works worth a crap, unlike 10 or so years ago.
If by "secure" you mean "in Google's firm grasp", you are correct. If you really meant "in control over your own computer", no, you are not.
Try patching Chromium to remove all the spyware and malware as I have done, and note how you and your browser are now treated as Enemies of the State by the Big Corp controlled internet.
> The more you strip out of a system, the more manual work you need to do
Freedom isn't free, nor is security.
> But a lot of things just... are barely worth it when ultra simplified, and you start spending more time than you save at a certain point
How would you know? You've never even tried to escape from the Goolag.
My system beats the brakes off yours in virtually every metric, especially speed and security, and has been worth every hour spent working on it.
> if you have attackers running as your user, you are already screwed.
You mean like the attackers you willingly give root access to your machine by allowing them to regularly stream arbitrary binary code to "your" (their) computer, and regular user access via metrics and update checks and every other sort of outgoing network connection on their schedule and not yours, any one of which could trigger a buffer overflow and code injection event? Yes, you are screwed six ways from Sunday.
If the world ever gets bad enough that I have to hide from Google and TPTB, your customized system will probably be contraband. In which case, I wouldn't want something like that, because I... don't want to go to jail, and I am rather certain they could find out if they wanted to.
Probably by machine learning looking for houses with an absence of pings to certain servers and using old fashioned police work from there.
Keeping that scenario from ever happening is a political issue. Perhaps it is in part technical too, but ultimately, people should not have to live like fugitives. For the same reason they shouldn't have to wear a guy fawkes mask in public.
And if someone does need to, they probably don't consider themselves to be free.
I may have never tried to get away from Google, but we did grow up poor enough to not have the latest tech for quite a long time.
It would be nice if it was possible and convenient, but a lot of things are still way behind.
When you add up all the details... it's probably more of a luxury than being rich in the gilded age, and it's accessible even to people like me who don't even make minimum wage when you take into account all the Ubers and Lyfts and crap.
With simple technology, one mistake and it's all gone. It doesn't help you out at all. Remember how this stuff was done 15 years ago? Nobody ever would trust computers for anything important. We all used pens and paper every day.
Every person I know who cares about privacy seems to need tons more analog tech than I do.
Lose your phone? Too bad, there was no Google page with which to track it and remote control it. Lose your wallet? Hope someone turns it in. There was no Tile.
Cooking and need to set a timer? Better wash your hands first and be careful not to forget in the time it takes to do so, or you'll make a mess and transfer germs when you touch the timer.
It would be a LOT of work to set up replacements for all of this while preserving privacy.
These things are only a few minutes per day, but collectively they are a big lifestyle change.
Eventually, open source will catch up. But it is slowed down by the fact that the FOSS community.... likes to shit on such things and doesn't want them to exist at all, and prefers ongoing manual involvement, and shits on most zero conf stuff, because they're so absolutist about security and minimalism.
You don't have Firefox or any browser? How are you posting? W3m? I would imagine that these have an enormous amount of bugs and security issues if parts of basic Linux programs are riddled enough with them by your standards.
That's worked pretty well e.g. for OpenBSD. Their code isn't perfect, but they've evaded lots of bullets simply by removing things they don't deem necessary.
I think I've evaded many bullets exactly the same way.
More code and more complexity -> more bugs, more holes. It's pretty simple.
My custom distro beats the brakes off junkware like Ubuntu and (lol) Windows in startup time and responsiveness, and has all of the functionality I need, with half the code and as a result much fewer gaping security holes.
Computer security is an absolute nightmare these days. Intelligent people should be simplifying things and stripping everything down to the bare minimum, instead of stacking more crud on top of endless crud.
Those who fail to SECURE their systems and workflows will one day in the near future be surprised as shit to find that the entire "cloud" has been hacked and destroyed by worms and their system trashed right along with it. At that time, the world will be divided into two camps: computer owners (me and my kind) and non computer owners (everyone else.)