Snap and modern software (was: Remove /snap directory)

[rikona]

On Thu, 15 Dec 2022 17:18:17 -0600
Keith <keith at caramail.com> wrote:

> On 12/15/22 1:40 PM, rikona wrote:
> > On Wed, 14 Dec 2022 14:04:54 -0600
> > Keith <keith at caramail.com> wrote:

<BIIIG snip> :-)

> And where to begin to do that? The kernel, obviously as the linked 
> articles above would mandate. Maybe that big ol' linux-firmware
> package full of unauditable binary blobs that makes your hardware
> devices work. I guess you trust hardware vendors from foreign
> countries like China to provide non compromised firmware, right?  Of
> course, there's the cpu and chipset microcode to consider, especially
> with Spectre and other exploits of mostly Intel cpu vulnerabilities
> out there.  Oh, and if you plugged in any usb devices into your
> system, you'll probably want to check to see if they've
> surreptitiously flashed the usb controller firmware, or hard drive
> firmware, or whatever else is flashable on your system to load
> undetectable spyware on bootup. Bad, bad USB.
> 
> Trust is the key here. Who do you trust?

Thanks for the interesting list. I know about many of those, but it's
always nice to hear about a few more.

I trust nobody 100%. Trust is not binary - I just try to get the
highest number. :-) Some, like China, get low estimated trust levels,
and don't get used at all if possible. Back a bit I had the firewall
block calls to China - and some seemingly innocuous devices refused to
work at all. And Comcast refuses to work unless I use their DNS
servers. Problems everywhere. And there's also privacy, which is a bit
different but still important.

So, what do YOU do to keep 'secure', given all the problems? Or do you
just accept that you're NOT secure?