Snap and modern software (was: Remove /snap directory)

rikona rikona at sonic.net
Fri Dec 16 18:05:08 UTC 2022


On Thu, 15 Dec 2022 17:18:17 -0600
Keith <keith at caramail.com> wrote:

> On 12/15/22 1:40 PM, rikona wrote:
> > On Wed, 14 Dec 2022 14:04:54 -0600
> > Keith <keith at caramail.com> wrote:

<BIIIG snip> :-)

> And where to begin to do that? The kernel, obviously as the linked 
> articles above would mandate. Maybe that big ol' linux-firmware
> package full of unauditable binary blobs that makes your hardware
> devices work. I guess you trust hardware vendors from foreign
> countries like China to provide non compromised firmware, right?  Of
> course, there's the cpu and chipset microcode to consider, especially
> with Spectre and other exploits of mostly Intel cpu vulnerabilities
> out there.  Oh, and if you plugged in any usb devices into your
> system, you'll probably want to check to see if they've
> surreptitiously flashed the usb controller firmware, or hard drive
> firmware, or whatever else is flashable on your system to load
> undetectable spyware on bootup. Bad, bad USB.
> 
> Trust is the key here. Who do you trust?

Thanks for the interesting list. I know about many of those, but it's
always nice to hear about a few more.

I trust nobody 100%. Trust is not binary - I just try to get the
highest number. :-) Some, like China, get low estimated trust levels,
and don't get used at all if possible. Back a bit I had the firewall
block calls to China - and some seemingly innocuous devices refused to
work at all. And Comcast refuses to work unless I use their DNS
servers. Problems everywhere. And there's also privacy, which is a bit
different but still important.

So, what do YOU do to keep 'secure', given all the problems? Or do you
just accept that you're NOT secure?




More information about the ubuntu-users mailing list