Linux for gaming, is this a good time to jump the windows boat?

Anything not relating to the X-Universe games (general tech talk, other games...) belongs here. Please read the rules before posting.

Moderator: Moderators for English X Forum

BaronVerde
Posts: 477
Joined: Wed, 16. Dec 20, 21:26
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by BaronVerde » Sat, 23. Oct 21, 00:24

Sandboxing, done the google way with a suid sandbox, actually circumvents Linux user space restrictions. It is not a security feature, but a root kit. They promised for more than decade to change it, don't know if that has happened by now. Linux/Unix has its sandboxes they are called user space and circumventing the by software only creates backdoors and rootkits.

Any Linux/Unix is many many times times more secure in every aspect than Android. Android is a catastrophe, a cheap farce of an OS. Thought was common knowledge, but I let you guys go out on a search.

Your list, in the section 2021, confirm that attacker needs local access and/or modification of system files is not possible.

Linux isn't invulnerable, that's sure.

And yeah, I was imprecise. With Linux hack I meant "get root privileges" without physical access or user aid installing unsafe software. I have yet to see it. At best the exploit vector was unknown, as in a recently reported hack linked to professional (Isreali ?) corporation whose name I forgot. Sure, if people run a google chrome browser with the suid sandbox anyone in between with the power to modify the file and its sigature can gain root access, simply because the file has root privileges on execution. But one doesn't install such nonsense.

Code: Select all

  /l、 
゙(゚、 。 7 
 l、゙ ~ヽ   / 
 じしf_, )ノ 

User avatar
red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by red assassin » Sat, 23. Oct 21, 00:36

Chrome hasn't used the setuid sandbox since the kernel introduced suitable sandboxing mechanisms in 3.10 (2013). It uses user namespaces and seccomp-bpf. Firefox uses the same mechanism.

You could try providing some actual citations or examples for Android being less secure than "any Linux/Unix", rather than everyone's favourite "do your own research". It's not true.

"The user never runs any unsafe software" is an incredibly optimistic security perspective - the vast majority of malware affecting other OSes starts with the user running something they shouldn't as well! - but sure, desktop Linux gets RCEs as well: https://ubuntu.com/security/notices/USN-3806-1 https://ubuntu.com/security/notices/USN-3807-1
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

BaronVerde
Posts: 477
Joined: Wed, 16. Dec 20, 21:26
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by BaronVerde » Sat, 23. Oct 21, 01:04

Well, that's a bi like asking textbook knowledge. A smart phone OS and one that runs on supercomputers (I am not talking of other mobile Linux distributions which may be worse than Android) may have a common genetic heritage, but not actually much functional overlap.

And yes, it is my opinion as well that the user (me right here) is the biggest risk, and that's why I advised against any installation aside from the OS repositories and maybe a well reputed game or two. People shouldn't give the control away, to google, steam, or others.

Linux is a multi-user (10s of thousands) OS and a user is without higher intervention not able to install software outside their space. For that there are configurable user rights which the administrators must set up. That's not trivial and multilayered, but you certainly know that.

Btw. google chrome still used the suid sandbox in 2020 (own check and I think it is still used as a fallback), they say it is not yet completely removed. https://chromium.googlesource.com/chrom ... lopment.md

Code: Select all

  /l、 
゙(゚、 。 7 
 l、゙ ~ヽ   / 
 じしf_, )ノ 

User avatar
red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by red assassin » Sat, 23. Oct 21, 10:39

You seem to have much better textbooks than I do, so for my benefit please list some of those security features that are present in a modern supercomputer Linux distro and a modern version of Android.

Google still provide the setuid sandbox to support kernels which don't support user namespaces, yes. It's certainly not ideal as a sandboxing mechanism, but it's better than nothing, which is the alternative on kernels that don't provide real sandboxing features! As the issue linked from that link says, the sandbox helper binary there isn't required if you're not on a kernel that needs it, and hasn't been since 2016.
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

BaronVerde
Posts: 477
Joined: Wed, 16. Dec 20, 21:26
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by BaronVerde » Sat, 23. Oct 21, 11:33

Without going into details because much is not publicly disclosed - contrary to the common opinion it was an open source OS - by google and google controls the apps that run on it. And frankly, no idea how one can assume that there is no difference. You can even bake your own kernel in Linux, harden it with the features you like and need, strip it down or blow it up. With Android you're stuck to what Google gives you to eat.

Android isn't really open source:
https://www.makeuseof.com/tag/android-r ... ce-matter/

There's another main difference from a user pov, imo the one that makes it an absolute nono: Software installed from the repositories of one of the Linux distributions like Debian (and many, but not all of its derivatives), Suse, RHEL, etc. are up to now safe to install without ado. On Debian one can choose between pure open source (depending on manufacturers helpfulness or absence thereof), contributions and non-free software. Also between 3 rollouts, one that has the latest features but may be unstable, one that is in testing but reasonably stable, and one that feature frozen and only receives security updates but may lack some modern features and specific support of hardware. The Android market place is not safe, in contrary. You catch everything from trackers to keyboard readout, and you have that in the news every other day (switch search engine if not).

Malware in the google store (just the first hit out of many):
https://arstechnica.com/information-tec ... id-market/

Of course not all is known because of the partly closed sources in Android, but there have been and speculatively still are a lot of vectors to take over an Android device with remote access. Such things do, (for now and to my knowledge) not exist on Linux:

Hackers can take over Android devices without notice:
https://arstechnica.com/gadgets/2021/05 ... abilities/

... and the list goes on.

--------------
So, yeah, I'm as sorry as necessary :-) But apart from the initial use of a Linus kernel Android hasn't much in common with any full Linux implementation. But I am genuinely interested, why do you think that there are no or little differences ? Seems like a very far fetched assumption to me, given the code base, the philosophy, and the target audience as well as hardware bases ...

Code: Select all

  /l、 
゙(゚、 。 7 
 l、゙ ~ヽ   / 
 じしf_, )ノ 

User avatar
red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by red assassin » Sat, 23. Oct 21, 16:08

Mostly you're confusing the level of interest in targeting a given OS with the actual security of said OS. Android has over three billion active devices - of course there's an enormous amount of interest in compromising it! Desktop Linux has an install base of millions of devices at best, so by comparison there's very little interest in targeting it. Server Linux is a lot more prevalent, but there's a great variety of server Linux malware out there (and those links are by no means a comprehensive literature review!).

As far as your specific issues go:

You can build an open source version of Android if you want; there's various projects doing this, of which the biggest is probably LineageOS. Most people don't do that, but most Linux users don't alter anything significant from their chosen distro either. This is a philosophical issue rather than a security issue anyway: the main factor that influences security is whether the primary maintainers/contributors take security seriously, not whether the code is open. It's very easy to assume that open source code is safe because people are looking at it, but if there's one thing that should have become clear after everything from Heartbleed to the FreeBSD Wireguard drama (which specifically calls out it being almost impossible to get a code review for FreeBSD kernel commits!), it's that people generally aren't looking unless they get paid to do it. By contrast, closed source OSes like Windows and iOS have made enormous security improvements over the last decade. Linux has too, but only with an enormous amount of corporate sponsorship of security research. This isn't necessarily to disagree with open source code in a philosophical sense, but it's not a security panacea. Likewise, you may not be comfortable with Google's level of control over the OS and your data - for good reason! - but if you use Android you're choosing to agree to that trade. Indeed, this has security benefits too - Google's TAG is the reason you know about the "vectors to take over an Android device with remote access" you refer to in the first place. Is anybody looking for that on your Linux system?

Relatedly, the assumption that all code in the repositories for major distros is automatically safe is flawed. You're assuming that nobody's able to introduce backdoored or deliberately vulnerable code into a package somewhere in the billions of lines of code that the distro ships, and that nobody's compromised or altered the distro's build servers to introduce stuff that doesn't show up in the source code. (See SolarWinds.) Of course, there certainly is malicious stuff in the Play Store, but there's also over three billion users demanding an endless stream of apps for their devices: if you had three billion users and millions of developers building apps for desktop Linux, stuff would slip through as well. And Android's permissions model limits what a malicious app can do in a way that is completely not true of desktop Linux. Apps have to specifically ask for permissions to get sensitive things like your location, access shared files like your music and downloads, etc. Keyboards have to explicitly register themselves as keyboards, which comes with a bunch of warnings about being able to read your input. Apps don't have access to each others' files, so it's not possible for a malicious app to, say, lift the contents of your email inbox (which is stored in an app-specific sandboxed storage which other apps can't access). None of this is true on desktop Linux: you run one thing you weren't supposed to, or which was vulnerable to something, and it can entirely freely lift all your data. Server Linux is better - you'd typically run different services as different users, and increasingly in different sandboxed containers - but of course a server is far more exposed than an end user device anyway.

I'm certainly not claiming that Android doesn't have security issues - all software has security issues - but Android is better than you think it is and desktop Linux is worse.
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

Vertigo 7
Posts: 3458
Joined: Fri, 14. Jan 11, 17:30
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by Vertigo 7 » Sat, 23. Oct 21, 17:32

You're not even touching on the IoT devices running Linux and Android that are often poorly maintained by both the users and manufacturers.
The Future is Progressive!
rebellionpac.com
Fight white supremacy, fight corporate influence, fight for the rights of all peoples!

BaronVerde
Posts: 477
Joined: Wed, 16. Dec 20, 21:26
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by BaronVerde » Sat, 23. Oct 21, 18:53

@red assassin, nonsense, I am not confusing nothing. Let's stay on topic.

There is lot of Linux malware for desktops and servers and even rootkits that but all need the user to actively install them or the attacker to have local access. That can easily be avoided by simply not installing the package that says click here to install me,, even if it is from google. Windows and Android can be taken over from outside without any active help from its users.

@Verigo 7:We are taling about classic desktop Linux (here: Debian, RHEL, Suse, etc.) replicating Unix, not any derivatives with stripped and changed functionality, which certainly are unsafe. Android, which belongs to the latter, is the exception here. There are hundreds if not thousands of "Linuxes" that have little or nothing in common with the unixoid family of operating systems that run on PCs, Servers and other machines.

Again, a Linux desktop or server takeover without any help from inside or the hacker having local access has still to be made, which is not the case for Windows and Android, right ?

Whataboutism aside, ny initial argument was and is: avoid undocumented sofware, use Linux with the repositories of the distribution only. An exception from that advice is only software that you can absolutely trust. That'll be the graphics driver (hopefully), the game you're playing (hopefully), maybe a bought specific software package (for astronomy software for me).

When the underlying hardware is holey (Intel a bit more than amd), then this is of course somewhat in vain.

Code: Select all

  /l、 
゙(゚、 。 7 
 l、゙ ~ヽ   / 
 じしf_, )ノ 

BaronVerde
Posts: 477
Joined: Wed, 16. Dec 20, 21:26
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by BaronVerde » Sat, 23. Oct 21, 19:23

@red assassin wrote:
"Relatedly, the assumption that all code in the repositories for major distros is automatically safe is flawed. You're assuming that nobody's able to introduce backdoored or deliberately vulnerable code into a package somewhere in the billions of lines of code that the distro ships"

Please read up how the code base of the Linux kernel and a distribution like Debian are maintained. Just recently, an American university has been thrown out of kernel dev because they tried repeatedly to introduce bad code just to prove something, were caught, tried again, were thrown out. So, your argument that there is no 100% certainty may be right , but it is pretty high. Much higher than any closed source system where nobody really knows what's in it and a mere disclosure of part of the (15 year old) codebase is seen as a security risk.

Hoy ridiculous, from the view point of an os OS :-) There's something to it to trust that way more than the closed one ;-)

-------------

Edit: I would like to underline the point "Why is Linux safer than Windows" with a few links of mixed origin that are more elaborate on the matter, because it helps the thread advance somewhat:

Why Linux ?

https://www.pcworld.com/article/508291/ ... ndows.html

https://www.lifewire.com/windows-vs-linux-mint-2200609

https://medium.com/codex/5-reasons-why- ... 036c3d3324

Why not Linux ?

- A user should learn a bit how to oparate the OS. That can be fun for some, or frustrating for others.
- Games aren't a strength of plain Linux. That gets better with clients like Steam, emulators like wine, or specially fabricated Linux versions like Steam OS. On the danger of the above mentioned effects on security, that is to saygive up much of why people switched in the first plac: to achiee higher security.
- drivers for latest and shiny hardware and peripherals lack behind windows for people who insist on it.

But that's about it, imo. Nearly all every day software is available on Linux as well, and installation is just a iso download, boot and click "automatic install".
Last edited by BaronVerde on Sat, 23. Oct 21, 19:52, edited 1 time in total.

Code: Select all

  /l、 
゙(゚、 。 7 
 l、゙ ~ヽ   / 
 じしf_, )ノ 

User avatar
red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by red assassin » Sat, 23. Oct 21, 19:43

No, you are: you're asserting that because you're not aware of a full remote compromise of a Linux desktop, one is not possible because the OS is inherently more secure. But that's nonsense.

Firstly, I already linked two examples of Linux desktop (and server!) remote compromises from recent years, but here they are again, with exploit details in case you didn't believe they're exploitable:
https://www.exploit-db.com/exploits/44890 "DynoRoot" for NetworkManager in Red Hat-likes
https://conference.hitb.org/hitbsecconf ... ilhelm.pdf CVE-2018-15688 for systemd networkd

Secondly, with a relative handful of users of desktop Linux, there are few people out there who are interested in building remote compromises, and also few people looking to see if anybody else has. That doesn't mean it isn't possible, it just means popular platforms get more attention.

Thirdly, you cannot rely on users never running anything they shouldn't, never losing any credentials, and no apps they use ever having vulnerabilities in. People make mistakes. Trusted services get compromised. Security needs to be layered and assume that other layers will fail, because ultimately shit happens. re the university that was trying to get vulnerable code into the Linux kernel... sure, the biggest open source project in the world backed - financially and with developer effort - by nearly every major tech firm might notice. But even then the number of CVEs in the Linux kernel demonstrates a lot of vulnerable code is getting in, deliberately or otherwise. And Debian has about 200,000 packages in its repositories. How confident are you that every line of source code in every one of those packages has been reviewed by somebody trained enough and paying enough attention to spot issues? Many of them are projects supported by a couple of developers in their free time, and highly trained security researchers don't find every bug on the first try either.
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

Vertigo 7
Posts: 3458
Joined: Fri, 14. Jan 11, 17:30
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by Vertigo 7 » Sat, 23. Oct 21, 19:49

BaronVerde wrote:
Sat, 23. Oct 21, 18:53
Again, a Linux desktop or server takeover without any help from inside or the hacker having local access has still to be made, which is not the case for Windows and Android, right ?
Uhh no. The vast majority of that is dependent on the competency of the administrator. While it's certainly true that Linux administrators have a higher technical working knowledge than Windows and Android administrators (due in no small part to the much steeper learning curve to use Linux) on average, thus the average Linux administrator is better able to control firewall policies and access restrictions, etc., than the average Windows or Android administrator. Just being Linux doesn't make it more secure.

You see, the Linux OS can be easily made just as vulnerable as anything else by your average idiot that does things like disabling UAC on Windows, running everything as admin, disabling the firewall, etc., etc. - all the stupid things you see in your favorite cnet blogs and spiceworks forums. You think these people are going to be suddenly brilliant when they sit down in front of the supposedly more secure Linux OS? And IF users suddenly switched off to Linux instead of Windows that the malicious actors won't shift the main focus of their attention onto Linux? You think those cnet blogs won't change from Disable UAC to Give yourself root access and disable password requirements and other equally stupid things?

Security challenges for ANY operating system is largely dependent on the user base.

And the thing is, you know this.
The Future is Progressive!
rebellionpac.com
Fight white supremacy, fight corporate influence, fight for the rights of all peoples!

BaronVerde
Posts: 477
Joined: Wed, 16. Dec 20, 21:26
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by BaronVerde » Sat, 23. Oct 21, 20:37

red assassin wrote:
Sat, 23. Oct 21, 19:43
https://www.exploit-db.com/exploits/44890 "DynoRoot" for NetworkManager in Red Hat-likes
Granted, But was not really relevant for the desktop user.
red assassin wrote:
Sat, 23. Oct 21, 19:43
https://conference.hitb.org/hitbsecconf ... ilhelm.pdf CVE-2018-15688 for systemd networkd
Not granted because didn't allow control of what happened on the attacked side. Though systemd itself is still debated. Can you debate any windows component ? If unsure, don't use systemd, there are alternatives. That's Linux :-)
red assassin wrote:
Sat, 23. Oct 21, 19:43
Secondly, with a relative handful of users of desktop Linux,
lol, if you say so. Judging from a gamedev forum I'm sometimes on I'd say ~30%. That a lot of fingers for a handful, is't it ? But it is impossible to say with confidence because nobody can track the numer of Linux installations.
red assassin wrote:
Sat, 23. Oct 21, 19:43
Thirdly, you cannot rely on users never running anything they shouldn't,
I don't. Don't pretend I did. That's why I advise not to do so and to use an environment in which they can be aware. Are you aware of what comes on your Windows machine ? You'd probably need at least as much knowledge as one need under Linux, where that knowledge is freely available.

If you stick to that advice, you will not even need a pesky virus scanner any more.

Code: Select all

  /l、 
゙(゚、 。 7 
 l、゙ ~ヽ   / 
 じしf_, )ノ 

Vertigo 7
Posts: 3458
Joined: Fri, 14. Jan 11, 17:30
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by Vertigo 7 » Sat, 23. Oct 21, 21:12

But wait a minute... systemd and networkd went through the gamut of opensource review and validation before being built into the distros! I thought that was the be-all end-all solution to eliminating vulnerabilities in OS's?! You mean to tell me it wasn't?! *gasp* *shock* *horror*

And even with an alternative available, with networkd being the default service in most Linux distros, are users supposed to know automagically that there's an alternative available and how to change away from it? inb4 "they can learn how to do it" the average user isn't going to want to learn how to change their system configs and service settings. They just want their stuff to work out of the box. And we're back to nothing is going to be different for the end users moving from Windows and now they'll have to learn linux command line functions to secure their machine. UPGRADE! :D

I do sincerely hope no one is following your advice if they're wanting to keep their machines secure.
The Future is Progressive!
rebellionpac.com
Fight white supremacy, fight corporate influence, fight for the rights of all peoples!

BaronVerde
Posts: 477
Joined: Wed, 16. Dec 20, 21:26
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by BaronVerde » Sat, 23. Oct 21, 21:22

Vertigo 7 wrote:
Sat, 23. Oct 21, 21:12
[..]
Trying to find the relevant information in the piffle ...you're, as before, just getting personal without arguments to discuss. For that one, there was no real predictable exploit (potential though, by chance, on some systems, but I think not on red hat and debian) or access gained.

Btw., the mere fact that such things come to light is the control through open source. the Linuxes can afford it, Windows too ? MS says no, I believe they were afraid even for Windows 10 when part of NT source code went public. There is an added reliability level in open source that closed source doesn't have, cannot have. You mus just trust MS that they do things right. That's your choice, I don't judge you or anyone. But I say there's a more secure, more performant, better documented alternative freely available. I have an agenda, I admit ;-) Though I am not going out and serach Windows vulnerabilities, my time's too precious.

There are, though, limitations to gaming under Linux in general, simply because few games are written for native Linux. But the good ones are, isn't that enough :-) ?

Code: Select all

  /l、 
゙(゚、 。 7 
 l、゙ ~ヽ   / 
 じしf_, )ノ 

Vertigo 7
Posts: 3458
Joined: Fri, 14. Jan 11, 17:30
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by Vertigo 7 » Sat, 23. Oct 21, 21:44

BaronVerde wrote:
Sat, 23. Oct 21, 21:22
Vertigo 7 wrote:
Sat, 23. Oct 21, 21:12
But wait a minute... systemd and networkd went through the gamut of opensource review and validation before being built into the distros! I thought that was the be-all end-all solution to eliminating vulnerabilities in OS's?! You mean to tell me it wasn't?! *gasp* *shock* *horror*

And even with an alternative available, with networkd being the default service in most Linux distros, are users supposed to know automagically that there's an alternative available and how to change away from it? inb4 "they can learn how to do it" the average user isn't going to want to learn how to change their system configs and service settings. They just want their stuff to work out of the box. And we're back to nothing is going to be different for the end users moving from Windows and now they'll have to learn linux command line functions to secure their machine. UPGRADE! :D

I do sincerely hope no one is following your advice if they're wanting to keep their machines secure.
Trying to find the relevant information in the piffle ...you're, as usual, just getting personal without arguments to discuss.
I'm sorry if you feel that warning people away from bad advice is somehow personal. It isn't. Dunno what else to say about that.
BaronVerde wrote:
Sat, 23. Oct 21, 21:22
Debian for instance wasn't affected because they switched late to systemd. There was no real predictable exploit or access gained.
Good for Debian. You know what also wasn't impacted? Windows.
BaronVerde wrote:
Sat, 23. Oct 21, 21:22
Btw., the mere fact that such things come to light is the control through open source. There is a reliability level that closed source doesn't have, cannot have. You must just trust MS that they do things right. That's your choice, i don't judge you or anyone. But I say there's a more secure, more performant, better documented alternative.
Red Assassin pointed out to you that you also have to trust the distro maintainers and coders if you're going to use their things. What's the difference? I highly highly doubt you have personally reviewed every single line of code in your preferred linux flavor, or even most of the applications you've installed. So if you're fine with blindly trusting those developers, how is that any different than me trusting Microsoft or developers of any application I've installed?
BaronVerde wrote:
Sat, 23. Oct 21, 21:22
There are, though, limitations to gaming under Linux in general, simply because few games are written for native Linux. But the good ones are, isn't that enough :-) ?
So from many choices to few. Was that supposed to be an argument in favor of Linux? Because the logic of that escapes me.
The Future is Progressive!
rebellionpac.com
Fight white supremacy, fight corporate influence, fight for the rights of all peoples!

BaronVerde
Posts: 477
Joined: Wed, 16. Dec 20, 21:26
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by BaronVerde » Sat, 23. Oct 21, 21:54

Honestly, I and probably nobody have/has any idea how many vulnerabilities and exploits, from harmless to zero day, there were and are for Windows. Many, that's sure, and many weren't even even found yet. We don't know, we don't have the code.

@Vertigo 7: No, I haven't looked at all the code, actually at almost none of it. The kernel alone is idk, are they at 40 million loc yet ? So that's a bit ridiculouls to assume a single person would/could do that. I could download it with a single command, yay 8) . But a few minutes ago I looked at the code of the systemd thing, and I must say that one is visible if you know what's going on (looking for it). And the visibility and open source nature helped the discoverer findig it.

https://bugs.launchpad.net/ubuntu/+sour ... ug/1795921

Btw., C is a language one can actually learn relatively easily.

Code: Select all

  /l、 
゙(゚、 。 7 
 l、゙ ~ヽ   / 
 じしf_, )ノ 

Vertigo 7
Posts: 3458
Joined: Fri, 14. Jan 11, 17:30
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by Vertigo 7 » Sat, 23. Oct 21, 22:19

BaronVerde wrote:
Sat, 23. Oct 21, 21:54
Honestly, I and probably nobody have/has any idea how many zero day exploits there were and are for Windows. Many, that's sure, and many have not been disclosed yet or where even found. We don't know, we don't have the code.
Ok, so? I'm sure the worlds most popular desktop OS is going to have some vulnerabilities discovered at a higher rate than the rest. No one is disputing that Windows has vulnerabilities. The point is that so does Linux, only there's not nearly as many looking for them. Whether the code is available or not doesn't mean a thing.
BaronVerde wrote:
Sat, 23. Oct 21, 21:54
@Vertigo 7: No, I haven't looked at all the code, actually at almost none of it. The kernel alone is idk, are they at 40 million loc yet ?. I could download it right now with a single command. But right a few minutes ago I looked at the code of the systemd thing, and I must say that one is visible if you know what's going on (looking for it). And the visibility and open source nature helped the discoverer findig it.

https://bugs.launchpad.net/ubuntu/+sour ... ug/1795921

Btw., C is a language one can actually learn relatively easily.
So what?! Just because I learn Japanese, that doesn't mean I can integrate into Japan's society. If you've ever spent any time coding, you know there's more to it than just knowing the language. If that's all it took, Linux, Windows, OSX, and everything else would be the greatest things ever of all time.

And I seriously hope you're not suggesting everyone learn C just so they can review Linux kernel code. I'm going to assume you know that people don't have the time required to invest in such an endeavor since you haven't done so yourself. Not to mention, the desire and drive to do that will be minimal, at best.

And since you haven't done that yourself and most users wouldn't do that, then you know as well as I do that they're trusting the distros are safe and bug free. Again, I ask you, how is that different than trusting MS or any other developer?
The Future is Progressive!
rebellionpac.com
Fight white supremacy, fight corporate influence, fight for the rights of all peoples!

User avatar
red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by red assassin » Sat, 23. Oct 21, 23:58

BaronVerde wrote:
Sat, 23. Oct 21, 20:37
Granted, But was not really relevant for the desktop user.
? It affected desktop installs of any Red Hat like (CentOS, Fedora, Scientific Linux, etc).
Not granted because didn't allow control of what happened on the attacked side. Though systemd itself is still debated. Can you debate any windows component ? If unsure, don't use systemd, there are alternatives. That's Linux :-)
? That presentation literally gives a step by step walkthrough of how it's exploited to gain full remote code execution.
Systemd is everywhere, and systemd in particular isn't the point anyway - the point is that there are exploitable bugs in Linux core components just as much as there are in Windows. You can switch to Devuan or something to get away from systemd, but there's nothing inherent in systemd which makes it insecure in a way alternative tools aren't.
lol, if you say so. Judging from a gamedev forum I'm sometimes on I'd say ~30%. That a lot of fingers for a handful, is't it ? But it is impossible to say with confidence because nobody can track the numer of Linux installations.
A developer forum is in no way a representative sample! Desktop Linux is about 2% of the desktop market and 1% of the overall user device market. (Estimates will vary a little, but never higher than a couple of percent. This data comes from web traffic counts.) Edit: oh, and sitting pretty at 1% on the Steam hardware survey: https://store.steampowered.com/hwsurvey ... e-to-Steam
I don't. Don't pretend I did. That's why I advise not to do so and to use an environment in which they can be aware. Are you aware of what comes on your Windows machine ? You'd probably need at least as much knowledge as one need under Linux, where that knowledge is freely available.

If you stick to that advice, you will not even need a pesky virus scanner any more.
You are saying "just do this list of things and never make any mistakes and you'll be safe". But
a) you have exceptions to your own advice - "only ever run stuff from the Debian repositories! Except for this list of other things I use." - and I'd bet money nobody writing your telescope control software has ever put any real effort into security;
b) as discussed above you're reliant on nobody anywhere in the development process of all of the software in Debian making any mistakes, getting compromised themselves, or being a malicious actor, which is intensely optimistic;
c) people make mistakes, you and me included. It only takes one hasty click, one thing you didn't check properly, one thing you found on a support forum to get something working, one typo in an install command, etc to compromise your entire system.

I run desktop Linux, Windows, and macOS on different devices, as well as managing a number of Linux servers. Security isn't about "my operating system is great and everybody else's sucks". All software is vulnerable! Assuming that yours is the only one that isn't is a very literal false sense of security.

edit: also, as a bonus, I just remembered Google Project Zero's desktop Linux Bluetooth exploit: https://google.github.io/security-resea ... iteup.html
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

jlehtone
Posts: 21801
Joined: Sat, 23. Apr 05, 21:42
x4

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by jlehtone » Sun, 24. Oct 21, 12:30

Every OS has vulnerabilities. At least the user. However, can we say that security in GNU/Linux is in practice no worse than Windows?

If yes, then that is one tick on the checklist on viability of switching to GNU/Linux.

User avatar
red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: Linux for gaming, is this a good time to jump the windows boat?

Post by red assassin » Sun, 24. Oct 21, 13:02

I think that's a difficult question to produce a single definitive answer to. Certainly there are a relatively small number of attacks actually targeting desktop Linux due to the small install base, so it's safer in that sense. But Windows provides a lot of security features, many of which don't currently have Linux equivalents (Virtualisation Based Security and associated features, some of the control flow enforcement and pointer authentication features, etc, plus cloud based anti-malware tools, both by default and third party - if your Linux system does get compromised, there's nothing to try and detect that). And most Linux desktops don't currently take full advantage of a lot of the security features Linux does provide like containerisation and sandboxing. If security is your primary consideration, it's up to you and your threat model which you'd like to prioritise, really.
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

Post Reply

Return to “Off Topic English”