Although “custom Windows ISOs” are a big security risk, AtlasOS isn’t a “custom ISO” and running a random binary off some guy on YouTube is arguably just as bad. He has next to no knowledge of Linux, neither do any other “Linux YouTubers”. Trusting someone like that with your Linux machine is risky at best.
Lets go through the summary and see if anything is wrong or misleading:
Linutil is a distro-agnostic toolbox designed to simplify everyday Linux tasks. It helps you set up applications and optimize your system for specific use cases. The utility is actively developed in Rust 🦀, providing performance and reliability.
sudo pacman -S networkmanager as “helping”, even when it ignores existing network configuration.So lets revise the short description, to exclude any incorrect/misleading statements:
Linutil is a toolbox. The utility is actively developed.
Alongside all that, the “installation instructions” include the biggest sin of all:
curl -fsSL https://christitus.com/linux | sh
TL;DR Never trust Chris Titus, or any “Linux YouTuber”, with your Linux machine. They do not know what the hell they’re doing.
mount -o remount,ro /
I think the last thing you’d have to worrh about is your job when nearly all infrastructure collapses.
Despite the downsides of F-Droid, there’s one thing they provide that other stores like Accrescent simply can’t. F-Droid provides APK builds with the exact source used for the build available. There’s a lot of trust involved, but this trust is in a single entity, rather than random developers. F-Droid has existed for a long time without adding malicious code to builds, so when they say “this source code produces this APK”, they have years of history doing exactly that to back their claim.
A random app developer has no such trust built up. Stores like Accrescent, even if you download only FOSS apps, trust the app developer with building apps. It’s less prone to one massive takeover, but APKs built by random devs are much harder to verify and check for malicious code than the source code. If F-Droid is taken over, it should be noticed relatively quickly, but affects everyone using F-Droid. If an app on Accrescent bundles malware, only users of that app are affected, but it may go unnoticed for a much longer time.
This person uses an 8GB mac, and tried to defend Apple in the debate, going as far as to say that Apple hardware is “not that expensive”, and within 2 months regrets buying the 8gb mac.
They think Open Source is “overrated”, insecure, and not important. They think Linux users are “normies” and fakers, Linux is not a desktop OS, and have explicitly stated “F*** LINUX”.
That’s a lot of terrible opinions in just 4 months, especially for someone who calls the internet “stupid”, and supposedly doesn’t have any education.
This is either a troll account, or someone with less than zero credibility considering their opinions and statements.
Android is a dead end for FOSS in the future, but moving from one corporate owned semi-proprietary OS to another doesn’t solve anything.
iirc NPxSP was getting messy internally, the author went and rewrote a lot of things
Depends on how it’s implemented. Anyone using a “media proxy” will see their discord bridged media probably fail to load (outside of possible caches) after a day. Anyone who has their bridge configured to reupload discord media to their homeserver should see no change.
The times I calculated were indeed going over every possible combination, it would take half as long to crack a password on average. Considering reducing the time to 1/1000000 still leaves you with an incomprehensibly large estimated timespan, dividing that by 2 doesn’t do that much for making it brute-forceable.
I did note it was specifically for 8 emojis, not 8 characters or bytes.
And yes, it’s very impractical and likely to break things. It’s better and much easier to add extra letters, numbers, and symbols to your password rather than using emojis. Using a password manager is even better.
As you stated, a single unicode character would mean your password wouldn’t be included with the potential options in almost all brute forcing tools. Whether you use 8 emojis or 1, your password likely won’t get brute forced.
All of my “emoji password” numbers are if the attacker knows it’s a password containing exactly 8 emojis, and nothing more. Adding a regular symbols+upper+lower+numbers 16 character password would make it even more impossible to brute force.
For somewhat more realistic numbers:
According to minerstat.com, an NVidia RTX 4090 has a hashrate of 118.07MH/s. This is 118.07 Megahashes per second, or 118.070.000 hashes per second. For a password with only 8 lowercase letters (208.827.064.576 combinations), it would take an RTX 4090 approximately 1769 seconds (or ~30 minutes) to go through all possible combinations. For an 8 character upper+lower+numbers password (218340105584896 combinations) it would take 1849243 seconds, or 21.4 days.
For an 8 emoji password (32482071647592311234920185856 combinations), it would take 275.108.593.610.504.896.512 seconds, or 8.723.636.276.335 years.
Lets say a magic prediction algorithm reduces the number of possible combinations in each password to 1 out of every 1 million previously possible combinations. 8 lowercase letters would be cracked instantly, while an 8 emoji password would still take 8.723.636 years.
NordPass is completely incorrect on the "it makes a password easier to “crack” thing.
I absolutely don’t recommend using emojis in your password, as it is far too easy to get locked out. However, a password containing an emoji is significantly harder to crack.
Hashing is a process used to calculate a large number based on some input data. If the input is the same, the output is the same. If the input differs just slightly, the output is completely different. This process is mathematically irreversible. Since this (and other techniques) is often used for passwords, to “crack”/bruteforce a password, the attacker has to go through every possible combination of input data, calculate the hash, and check if the hash is the same as the password hash.
To make the process of bruteforcing a hash quicker, an attacker often makes assumptions about the input data. If they know a password contains 8 characters, and only lowercase letters, this massively narrows down the amount of passwords that need to be hashed and checked. If they know the password contains someones birth year, that too reduces the time to bruteforce a password.
The more possible characters you have per position in your password, the longer it will take to bruteforce. An 8 character password with just lowercase letters has 208.827.064.576 possible combinations. This sounds like a lot, but it’s often bruteforced rather quickly. Adding uppercase letters and numbers to that, we’re already at 218.340.105.584.896 possible combinations. That’s ~1000x more combinations, and that’s for 8 characters. It’s the difference between bruteforcing taking a day, and taking 1000 days. (Do note an 8 characters lowercase password probably only takes like a few seconds to minutes, not a full day.)
According to https://emojipedia.org/stats there are 3664 different emojis. Lets say we create an 8 emoji password. (some emojis aren’t one character internally, the same principle still applies.) Just 8 completely randomly chosen emojis. That password would have 32.482.071.647.592.311.234.920.185.856 different possible combinations. That is about 148.768.232.755.857 times more combinations than an 8 character uppercase+lowercase+numbers password. That is the difference between bruteforcing taking a day or taking 407584199331 years.
The same things as non-emoji passwords still apply, you can make assumptions about which emojis are used. People aren’t entirely random, so chances are higher they used some of the more common emojis. However, that is similar to prioritizing the letter “e” because it is more common. Yes, it’ll probably reduce the time taken to bruteforce a bunch of passwords, but it’s not set in stone that every password will even contain the letter “e”.
Again, due to the potential of breaking things, locking yourself out, etc. I DO NOT recommend using emojis. Use a password manager with longer passwords.
However, including an emoji in your password makes it significantly more difficult to bruteforce. As the assumption that the characters in your password are letters, numbers, and symbols no longer holds, which drastically increases the possible number of combinations.
Currently on Phosh on postamarketOS. Would’ve loved to use Plasma mobile but it is very unstable.
Depending on the application you used to alert you of the AirTag, it’s possible that your phone did not send location data back to Apple.
Apple can track AirTags, because iPhones are programmed to listen for them over Bluetooth Low Energy, and send the ID of the AirTag and location data of the device to Apple.
If your Android phone has an application to listen for BLE devices in the background, keeping track (locally) of which devices it saw in what locations, that application can tell you if you’re travelling with an AirTag (or similar device). It might even be able to interact with the AirTag, such as making it beep or reading its ID. If that application doesn’t send your location to Apple, the AirTag was not able to use your phone to make its location known to the owner.
Therefore, to the owner, AirTags are useless unless an iPhone (or other device that sends its location to Apple) is around.
I can personally vouch for how toxic the Discord server and its moderators/admins are. Went there for support (Hyprland was crashing on startup on AMD, sway worked fine), and was told something along the lines of “if you can’t figure this out you’re stupid and you should stop using Linux”. Figured out the issue on my own and stopped using and recommending Hyprland after that.
Not just the “lack of APKs”, but the lack of a FOSS build. As you noted, it is possible to instal an AAB by extracting the APK(s) inside, but that doesn’t magically remove non-foss libraries.
The only build is an aab file. This is a Play Store bundle file, not an APK, so not directly installable in Android without the Google Play Store.
The only build being a Google Play release also indicates that non-foss libraries were likely included, such as the FCM libraries, as is common for GPlay releases of otherwise FOSS projects.
As far as I’m concerned, Element X for Android is not available yet, unless either building from source (with modifications to included libraries), or by using a non-FOSS version from GPlay.
Your iPhone 13 syncs slower over USB because Apple decided to stay on Lightning connectors, which use USB 2.0 on the other end. Although FireWire was faster back when it co-existed with USB, the USB standard has surpassed it a long time ago with more power, faster speeds, and better physical connectors.
“clean driver install”, which heavily suggests you installed nvidia drivers, probably from the website. That issue is entirely on you.