-
Guus
I realize that it doesn't get more off-topic than this (feel free to answer in private), but as I expect this channel to have plenty of people with a comparable workload: what are your recommendations for a Linux desktop antivirus solution, for a developer machine (lots of compiling & associated disk activity)?
-
Zash
Guus: General security awareness?
-
Kev
Windows Defender :)
-
Zash
Only run code you wrote yourself. )✎ -
Zash
Only run code you wrote yourself. ;) ✏
-
Kev
(Only half a flippancy, my Linux Desktop runs Windows, because WSL2 is yummy)
-
MSavoritias (fae,ve)
flatpak with flatseal to sandbox everything with selinux on top and a custom secure kernel
-
MSavoritias (fae,ve)
(half joking)
-
intosi@ik.nu
Switch to DragonflyBSD, nobody targets that.
-
Zash
Don't compile and run viruses. Easy!
-
intosi@ik.nu
I don't have a lot of experience with live anti-virus scanning on Linux machines, just mail.
-
jonas’
Guus, I'm not aware of any sensible antivirus solution.
-
MSavoritias (fae,ve)
I have heard of clamv that does scanning and works on linux but havent used it
-
jonas’
clamav exists, but is not online AFAIK and is mostly used with email
-
MSavoritias (fae,ve)
ah. then no then
-
Guus
Thanks for the (mostly) helpful answers :)
-
Guus
My current shortlist-under-construction contains Bitdefineder, Kaspersky and ClamAV - Sophos also seems to support Linux desktop, but I grew quite tired of them when trying to support that on my parents' machines.
-
Zash
I'll just assume those are spyware viruses until proven otherwise. :P
-
jonas’
I highly doubt any of those will save you from the next typosquatting attack on your favourite package registry anyway
-
Zash
Oh yeah, threat model?
-
jonas’
(I suspect the threat model is "an auditor comes by")
-
jonas’
(which is the most common and least useful threat model :))
-
Guus
There's no 100% solution for anything, but having _a_ solution is better than having none.
-
Zash
In which case, go read the policy document!
-
Zash
Having a bad solution is worse than having no solution and being aware of it.
-
Zash
Just be careful, use your Common Sense™
-
jonas’
*Having a bad solution and overestimating its effect […]
-
Guus
as for auditors: if that makes a difference between 'landing a contract' and 'not landing a contract', I'd say it is a very useful thread model (not that it's currently applicable to me, but still).
-
jonas’
Having a bad solution and being aware of the exact limitations is ok.
-
jonas’
Guus, it's not a useful threat model for IT security, at most for business continuity ;)
-
Guus
Without business continuity there's little use for a IT security model.
-
jonas’
also correct
-
Zash
Everything is connected.
-
Kev
> Everything is connected. And so you describe the thread model.✎ -
jonas’
(but that only means that killing business continuity means you can stop worrying about IT security, so that's great! ;-) )
-
Kev
> Everything is connected. And so you describe the threat model. ✏
-
Zash
Become potato farmer, all IT problems gone!
-
Zash
(Welp, tractors have copy protection now???)
-
jonas’
you wouldn't download a ~car~ tractor!
-
Guus
"I asked software engineers a question and they told me to become a potato farmer."
-
jonas’
that sounds about right
-
Guus
This might go on my LinkedIn page.
-
Guus
(or maybe not)
-
emus
> Guus: > 2023-04-12 10:21 (GMT+02:00) > My current shortlist-under-construction contains Bitdefineder, Kaspersky and ClamAV - Sophos also seems to support Linux desktop, but I grew quite tired of them when trying to support that on my parents' machines. Why use them at all on a Linux system? I think ad-blockers are way more helpful. maybe you can also limit permissions for their users
-
Guus
I'm far from a security expert, but the "viruses don't affect/exist for Linux" argument feels dated to me. I like to err on the side of caution, provided that running an AV app doesn't dramatically impact my productivity.
-
jonas’
there definitely is malware targeting linux, and there's definitely also a lot which targets developers specifically (so-called "supply chain" attacks)
-
Zash
I had a virus once. I got it from the school Windows 3.11 machines on a 3½" floppy
-
flow
Guus, running an AV app likely dramatically increases your attack surface
-
Zash
Set up your stuff so you can easily wipe and restore from a clean image if you're worried? :)
-
jonas’
Zash, good luck doing that properly (i.e. including rotating all private keys)
-
jonas’
slightly more on-topic: does anyone happen to know if Jitsi runs on ARM64?
-
Zash
Client? Server?
-
jonas’
server, sorry
-
jonas’
and jitsi-meet to be precise
-
flow
that said, a better system architecture and a sensible AV implementation may help here. but right now, my gut feeling is that AV for Linux does more harm than good
-
flow
jonas’, isn't jitsi mostly java + prosody? if so, then at least the java part should run on arm64
-
Zash
Dunno why not, the Java and Lua bits should be fine.
-
Zash
But then I don't officially do any Jitsi Meet support at all, you should go ask their forum ;)
-
jonas’
I guess I'll just try it
-
Guus
there are some platform-specific things that they (used to?) have
-
Guus
https://github.com/jitsi/docker-jitsi-meet/issues/1214
-
jonas’
that seems docker-specific, I don't use that.
-
Guus
The Openfire plugin that I used to maintain had platform specific binaries too. Never tried for ARM
-
Guus
The issue is docker-specific, but its comments mention libraries.
-
Guus
but yeah, try and see. Or ask them, they're pretty responsive.
-
jonas’
their venues are incompatible with me
-
jonas’
(discourse)
-
Guus
less or more incompatible than their software on arm64? :D
-
Guus
Dele Olajide: do you happen to know if Jitsi Meet runs on arm64?
-
Menel
> Dele Olajide: do you happen to know if Jitsi Meet runs on arm64? Everyone changing their hetzner plan? 😄 ↺
-
jonas’
:)
-
Kev
Did something happen at Hetzner?
-
jonas’
they now offer ARM64 boxes
-
jonas’
for ~30% less bucks than the AMD64 boxes.
-
Ge0rG
> Makefile:109: target 'build/landing-example.html' doesn't match the target pattern I wasn't even trying to build that. I wanted to build 0198 only
-
MSavoritias (fae,ve)
Sounds like amazon and r6g that is happeninp now
-
Ge0rG
oh, looks like that was a forgotten proto-xep in my project root dir
-
jonas’
please keep editor tooling discussion to editor@
-
Ge0rG
sorry
-
Kev
I'd have thought that the line between "discussions for people authoring XEPs" (which belong here) and "XEP Editor tooling" are probably fairly blurry in this case.
-
Ge0rG
I'd rather not have anyone die on that hill
-
Guus
I'd rather not have anyone die, period - but I tend to agree that it's more on-topic than the discussion on Linux AV...
-
emus
^^
-
MattJ
Regarding the recent-ish discussion about resumable file uploads, here's a thing: https://tus.io/
-
raucao
it's a good thing!