Very interesting indeed! And thank you for raising awareness!
There’s another similar project that’s still WIP and that hasn’t received a lot of development recently. Though, its maintainer does provide hardening scripts for Fedora’s Atomic distros that are worth looking into. Hopefully, we might even expect a collaboration of sorts between these projects early next year 🤞.
Again an association is made between butt plugs and Arch users. I wonder if moving forward showing a collection of butt plugs will become the next “I use Arch, btw”.
Apart from having all the nice KDE integration
I’m a sucker for GNOME :P , but I’ll keep it in mind.
things like Keepass integration
The flatpak does allow integration, but isn’t built-in unfortunately; so one has to fiddle a bit themselves to set it up.
Fido2 keys
I should rely more on those. Do you have any recommendations? I’ve been hearing good things about Nitropad and Yubico, but I honestly don’t know if they’re actually good and how they would fare amongst eachother.
drag and drop
Overrated anyways /s :P .
Also afaik the Fedora Firefox has a good SELinux profile
It’s probably better configured with the native package than the flatpak one indeed. I wonder if this will change as Fedora is interested to ship Firefox as a flatpak by default on Silverblue (and variants).
it runs damn fast. I did a speed test and it was best
I haven’t had the best internet speeds since I’ve been relying on free VPN. But that’s on me :P .
as from Firefox RPM for example I can open any file and save anywhere. But its process isolation right?
For Firefox, the verdict on its native sandbox vs Flatpak’s native sandbox doesn’t seem conclusive. With -assumingly- knowledgeable peeps on both sides of the argument, which indeed does raise the question how knowledgeable they actually are. Nonetheless, for myself, I’ve accepted Flatpak’s sandbox to not be inferior to Firefox’ native one. Thus, I don’t see any problem with using its flatpak.
No the NV41MZ for example has no numpad.
That’s unfortunate.
but it was the only clevo on like all Europes Ebay. Literally shipped it in from Great Britain
Honestly, I haven’t done a lot of business on Ebay. So, I don’t know a lot on how much cheaper you might get devices from there. Though, I wonder if it’s a lot cheaper than say this device.
spare parts
It seems NovaCustoms offer some spareparts. I wonder if the ones not explicitly stating NV4xMZ can be used on your device as well.
It’s unfortunate to hear that; with the chassis being my biggest concern as I don’t think you would be able to find suitable replacement for that. As for the keyboard, perhaps an affordable and portable external keyboard might help you with that.
Officially supported doesnt mean its more stable.
Never implied that anyways. Official merely ensures that the amount of trusted parties can be minimized.
Bubblewrap is not insecure.
Bubblewrap, when properly applied is indeed excellent; perhaps the best utility to sandbox applications on Linux. I’m thankful that flatpaks makes use of bubblewrap, namespaces and seccomp to offer relatively safe/secure apps/binaries, I’m unaware of any other ‘(universal) package manager’ within the Linux-space that offers similar feats in that regard. Unfortunately, Chromium-based browsers just happen to have an even stronger sandbox -if properly configured- than flatpaks are currently capable of.
Hehe :P , consider to keep us updated on how it goes ;) !
Clevo MZ41
Would that be the Clevo model that NovaCustom’s NV41 Series is ‘based’ on?
doesn’t do anything better than Firefox or Librewolf.
Besides the fact that some sites misbehave on Firefox(-based browsers), it does if you’re actually security sensitive; Chromium’s sandbox is simply superior to Firefox’.
I didn’t even mention the CEO, you must have confused my reply. It’s the product being X and doing Y which I don’t like.
It’s true that you didn’t mention anything regarding its CEO, but I assumed your comment might be related to it. It seems not to be the case; my bad for assuming and mentioning it and thank you for clearing yourself from that ‘allegation’!
Would it be fair to assume that your primary gripe with Brave is its (at best) controversial stance regarding the ‘open’ source nature of their product?
Besides the already mentioned Star Labs and System76, there’s also Insurgo, Nitropad and NovaCustom.
As for an exhaustive list on the matter, unfortunately, I don’t think something like that is out there. Though both Canoeboot (formerly known as Libreboot) and Dasharo do have their own respective lists.
Nice, their marketing works.
You can’t deny its merits. At best you can question their integrity based on bad business-practices in the past. Their CEO being “X” and doing “Y” does not inherently make the software bad.
If you really cared about privacy you’d probably use something like Librewolf, which is not proprietary.
From OP: “at times I have to rely on a Chromium-based browser if a website decides to misbehave on a Firefox-based browser”
You already use an arch container that has access to the AUR, which has literally every package, available on linux.
if anything, flatpaks are THE official (universal) packaging format for Linux
I don’t deny that, I make good use of a ton of flatpaks on my system. I also believe that it’s the best we have. And I would literally switch to Brave as a flatpak if it would satisfy the following:
What does Brave give you what the other Chromium based browser doesn’t have?
Brave is known to take privacy (and security) more seriously than its contenders. It’s therefore unsurprising to find it recommended by Privacy Guides. Some of its unique features related to privacy can be found here.
Maybe you can install add-ons instead?
Excellent extensions like uBlock Origin heavily rely on Manifest v2 in order to do their bidding. Unfortunately, Chromium intends to stop supporting it. Which will inevitably lead to many Chromium-based browsers to follow the lead and stop supporting it as well. At least Brave has confirmed multiple times to support Manifest v2 longer. Furthermore, I’m not aware of any extension that does an equally excellent job at spoofing your fingerprint randomly. Though, I’d love to be corrected on that.
This wouldn’t sit well with most privacy conscious folk out there. Though, I can understand it from a security point of view. Especially, when one notices that Chromium isn’t installed from Fedora’s repos, but instead the RPM is built to offer a more up-to-date version that should provide improved security compared to the stable version.
Probs for the sake of disabling unprivileged user namespaces; as you might have correctly alluded to.
I imagine for the sake of minimizing attack surface.
The Nix package manager is installable on Fedora’s atomic distros, so perhaps that route is worth exploring.
To my knowledge, Flatpak’s sandbox indeed isn’t achievable by default with RPMs; unless one knows how to properly utilize SELinux to that effect.