Skull giver

Administrator is not root. NT AUTHORIRY\System probably comes closest. You rarely need to interact with that account because Window’s security system doesn’t have the same mix of authentication systems most Linux systems have (users + container APIs + PolKit).

Windows also supports mixed case filesystems just fine. It’s not the default, so your programs will probably screw up, but it’s just a flag. You can also mount filesystems like ext4 and btrfs on Windows (though booting from them doesn’t really work).

Also, Windows runs Libreoffice and GIMP just fine. You don’t need to, because you have better sofware available (pirated or paid).

As for security, Windows is MUCH better unless you’re a cybersecurity specialist with too much time in their hands. Most major distros don’t even come with a firewall enabled by default, let alone a firewall for outgoing traffic. And the best AV I’ve seen for Linux is Microsoft’s enterprise version of Windows defender. In terms of hacking tools, they’re mostly written in languages Python, most of them work on either platform.

For development, Linux has a slight edge, but with WSL2 it really doesn’t matter much.

Running Linux on computers with Nvidia hardware proves that Linux and Windows both have their problems dealing with device drivers. Linux’ benefit is that is has higher standards because the kernel devs need to sign off on driver, but that has downsides of turning away potential driver developers (as getting your code into Linux is a quite a complex thing just on its own). Linux also doesn’t have many drivers in general it seems, unless your device has some kind of generic fallback that disables any special features.

My kernel panics generally don’t display anything, the display just freezes and I need to force reboot the computer.

They’re teachers, they already have a full time job, they don’t need a side job of syadminning their own laptops.

I know several companies that, because of bad network planning, have ended up using public address ranges as internal IP addresses. IPv6 would’ve solved this easily, but I don’t think the relevant network admins ever bothered to learn network configuration beyond 1990. But hey, who needs that arbitrary /8 anyway, right? Not like anyone’s going to host DNS on 1.0.0.0/8!

If you still use MBR, and Windows has an update to its bootloader, yeah.

I don’t even know if Windows 11 still supports MBR, though. Maybe it’ll happen if your firmware is broken and always boots from the fallback bootloader instead of the normal boot entry? But in that case Windows is right and the firmware needs an update.

In the instance of UDP handshakes yes, you need local software to initiate the connection on one of your devices somewhere (I highly doubt that your home router verifies the origin of those packets, so a hacked printer or IoT crap can open ports to your desktop no problem). Other problems are harder to solve.

NAT is great at what it does, but it does not guarantee security. It blocks straightforward attacks, but brings in tons of edge cases and complexity that sophisticated attacks can abuse. At the same time, the same security can be achieved using IPv6 and a firewall without all the complexity.

It’s a neat workaround that means you don’t need to mess with subnetting and routing tables when you do stuff like run virtual machines and when your ISP doesn’t offer IPv6. It was designed so larger businesses with 10 machines could access the internet without spending a lot of money on a /30, not to replace firewalls, and it still works well for what it’s designed to do.

Even if they’re marketing BS, some decent mainline support for Qualcomm chips is always welcome. It’ll help projects like postmarketOS and mobile Linux distros massively to have more usable Qualcomm code.

Not really, though. It was never designed as a security boundary. You can “open” a UDP port by sending UDP packets to another host, and then that host can send UDP packets to you, for instance. Usually the IP addresses of the two hosts are exchanged through a third party, and that’s how STUN/TURN works in essence. Without this, you’d need to port forward every UDP connection manually, both incoming and outgoing.

NAT only protects you when you have hosts that only communicate along preset routes, but then a normal firewall will also work fine. It’s not like having a public IP means any traffic will actually go through, every modern consumer router has a standard deny all firewall. At best, it sort of hides what devices are sending the traffic.

Meanwhile, NAT has flaws breaking traffic (causing NAT slipstreaming risks, like I linked elsewhere). It also has companies like Nintendo instruct you to forward every single port to their device if you have connectivity issues. If that forward is not towards a MAC address, and your PC gets the IP your Nintendo Switch used to have, you’ve just disabled your firewall to play Animal Crossing.

If you want to, you can do NAT on IPv6. Every operating system supports it, even if it’s a stupid idea.

Unless you’ve gone out of your way to disable the H.263 NAT ALG, NAT actually allows websites and other services to open either random ports on your machine (if using business firewalls) or ports on any device on your network (many consumer routers).

If your router allows you to disable SIP ALG and H.263 ALG, you should. If it doesn’t, well, maybe they’ve been patched? If you’ve applied a kernel firmware update to your router the last 1-2 years you may be safe (though not many vendors will bother updating the kernel when updating their routers). You’ll lose access to SIP phones and some video calling services over IPv4, but at least some Javascript on a random blog won’t be able to hack your printer.

This wouldn’t work with IPv6, as these two protocols just work with IPv6 (and IPv4, as it was designed). ALGs are hacks around protocols, rewriting packets to make all of the problems NAT causes go away.

More info on this here: https://www.armis.com/research/nat-slipstreaming-v2-0/

Hurricane Electric will give you a bunch of free /64s and a /48 to play with, which you can set up for tunneling on any IPv4 connection that doesn’t block ICMP traffic to HE. You can set this up within a range of routers, but if your router doesn’t support it, you can also set it up on most PCs (Windows and Linux for sure, for macOS you’ll need to check, but I’m sure it’ll be fine).

You can also use IPv6 locally by simply advertising a subnet from the right range (an ULA), which is also useful for maintaining internal addressing if you do get normal IPv6 but your ISP is a bunch of dickwads that rotate the subnets they hand out (likely to happen if they make you pay extra for a static IP right now).

This has nothing to do with IPv6 itself. I pull in 4K YouTube videos over IPv6 just fine. My IPv6 routes actually have lower latency than my IPv4 routes, funnily enough.

Sounds like your ISP has broken their IPv6 routes, or your modem is outdated and can’t do IPv6 hardware acceleration. Disabling IPv6 to downgrade your connection will work as a workaround, at least until your ISP switches over to something using IPv6 as the connection backbone (like DS-Lite, which would allow your ISP to significantly reduce their IPv4 space and make a quick profit selling off their allocations, which is unfortunately becoming more and more common).

Your ISP or modem manufacturer needs to fix the actual problem here.

Actually, the Dutch government has mandated that all of its services need to be IPv6 compatible.

The longer you try to avoid IPv6, the harder you’ll make your life when you eventually need to use it.

It’s really not that hard, especially compared to the kludge of protocols that make up IPv4. I know change is scary and difficult, but if you can do IPv4, you can do IPv6.

Then, what prevents whosoever, to copy that file through cloning the complete disk?

Nothing. At most, you can have a hardware encrypted drive that won’t permit access to the encrypted data without a password, but the file will remain available after unlocking that. Plus, dedicated people (law enforcement, data recovery specialists) may be able to get access to the flash chip itself unless you buy one that self destruct on any tampering attempts (and even those have flaws).

You cannot prevent copying of data if that data is readable at disk level. At most, you can make the data useless by padding a layer of encryption (as well-encrypted data may as well be random data without the key material). That’s why everyone is going for encryption: encrypted files may as well be inaccessible to anyone who doesn’t know the passphrase. There’s no sense in copying a file which you cannot possibly read any bytes from.

If the key is gone (i.e. the real key is a password protected file that gets overwritten so even the password doesn’t work anymore), the file becomes irretrievable. This is sometimes called “cryptographic erase” in the context of disks. There are variations of this, for instance, storing the key in the computer’s processor (fTPM) behind a password, and clearing that key out. There’s no way to get the key out of the fTPM so it cannot be backed up. Even if someone were to guess your password, the file will forever remain locked. Or at least until someone manages to break all cryptography, but even quantum computers don’t know how to do that part yet.

If you’re willing to go deep, you could reprogram the firmware on your SSD/HDD to refuse reading the file. A few years back, someone made a proof of concept firmware that detected disk imaging attempts (because all blocks on the disk were read in order) and had the firmware return garbage while secretly wiping the disk when this detection triggered. You could, in theory, write firmware that refuses to read that block of data. However, if whoever you’re hiding this file from know about that, they can take out the platter/memory chips and dump them directly, bypassing your firmware entirely.

“undoing the protection should include filling in a password” That sounds like an encrypted drive. There are USB keys that’ll require software to enter an encryption password before you can do anything (including deleting the contents).

If you’re on Windows, try Bitlocker or Veracrypt. You can create hard disk images that can be mounted temporarily with a password.

Same can also be done on other operating systems, though I don’t know what tools yours come with.

In a pinch, you can just create a password protected 7zip archive, though viewing and editing those files usually involves a temporary copy.

There’s no way to prevent a file that’s loaded in memory from making it back to the disk. The best you can do is also encrypt the system drive so only people who know the encryption password can boot the computer that’s accessing these files.

I know it’s not an insult, but for a language that’s supposedly trying to make programming more like English, it’s an odd choice.

Actually, Windows has implemented quite a few tricks to make this very difficult without setting off antivirus engines at least. X11’s security model is absolute trash compared to Windows Vista and above. Linux is getting safer with Wayland, but Linux on the desktop hasn’t had the XP SP1 security humiliation that Windows had so almost all of it is opt-in.

Solving the issues Windows has already solved with things like integrity levels will break compatibility with many applications (it also did on Windows, which is why Vista made you run everything as admin) but simply enabling the Flatpak sandbox can solve many problems already.

I wonder if there’s a desktop distro out there that enforces sandboxed applications by default. It would make running Linux a lot less risky.

C is a terrible language, but it’s at least reasonably concise and readable when you need to punish it into doing what you want without crashing.

VBA is clunky for just about everything it does, because it tries to be as readable as SQL but fails miserably. I’ve never found out why all it calls all of my variables dim but it sure doesn’t provide reasonable code.

You don’t get the memory corruption you get when writing C code (though you can make it happen) but it’s just not a very suitable language for just about anything. It tries to take the easiest thing in programming, the syntax, and optimising on making that easy.

The biggest problem with VBA is that it’s abused by office workers that need a real application but can’t and won’t get any time and budget to make or acquire one. You end up with the world’s shittiest code imaginable, written by people who aren’t programmers, driven to desperation. Opening someone else’s VBA code is like opening someone’s browser history, no matter how good your opinion of them is, you’ll find something that’ll make you question your view about them if you scroll long enough.

The “real programmers” that like writing code full of memory corruption and null pointers have a hate boner for everything that tries to make their job easier, probably because they feel like they’re only valued for being able to write code and afraid of being found out. Visual Basic 6 allowed Junior programmers to write applications that worked fine for literal decades in a week, while any “hardcore” developer would’ve taken a month getting the string validation right.

The same senseless hate is also present with PHP, where the arguments against the language usually come down to “I don’t like the syntax” and “this ten year old code base I used it in once was super bad”. VB also has the downside of being slow, although with VB.NET you can write powerful VB applications that perform as well as their C# counterparts.

I tried to go back into VB after learning other languages but I just can’t think of any way in which it’s a better choice than something like C#. The Basic ecosystem Microsoft set up, where you can throw together an application in minutes and it just works, is absolutely amazing, and something I still miss on Windows every day. The language itself, with all of its quirks and stupid syntax structures, I don’t.

One thing I’ll give VB is that it has the most hilarious but sometimes quite practical error handling statement I have ever seen (ON ERROR RESUME NEXT) that will literally ignore any error and just keep on trucking. Whenever I see three levels of methods try/catching each other and passing error objects along at the very end, I long for an ON ERROR RESUME NEXT that would just let me do all of the error handling at the very end.

It’s true, these days Filezilla runs on Windows 10 and uses sftp instead of FTP!

deleted by creator

deleted by creator