jutty

Yeah more like safety in numbers than reading every line of code you run, which is impractical and only warranted for the most extreme threat models.

I don’t think plugin devs add such features too often. More likely will focus only on their functionality. Plugins are better avoided if you are concerned. They are often abandoned and possibly bound to weak auth systems as compared to the main program source channel. The advantage is their code is usually much much shorter and easier to check out yourself.

Can vary a lot from project to project. Usually there is a bottleneck where new code is certainly getting looked at before being merged, not that things can’t go unnoticed. Depending on the size of the project, full audits can be performed by third parties. If it’s popular enough or there are bug bounties up, random people might be looking for issues as well. In general, the less popular, the less likely it is someone has recently taken a look at the code.

I’m focusing on the lock screen as having one single job to do well: protect the session from any access not granted exclusively through the password.

You posit this as if the attacker and the killing of the lock screen were connected: the attacker can only kill if they already have malware, so “it doesn’t matter”. But the point is, if the lock screen won’t relinquish access upon receiving the kill signal, even if the attacker had compromised this vector, or if there were some other cause behind the lock screen dying, crashing, whatever, access would not be granted in the first place. It stops at that layer.

Thinking in terms of “if they already can access the system, whatever” is different from thinking about security in depth/layers. So its not so much about the cause of the problem, but where you can contain it. This threat (a physical access attacker) is pretty extreme, but if we are going there, then yes, it’s not unfeasible to think that they could leverage this weakness to go from a possibly limited shell access to a fully unlocked physical session where you could have unrestricted access to e.g. a browser or unlocked password manager or other in-memory information.

But the two things don’t really need to be connected. The lock screen having a secondary way to allow access that does not require the password is a weakness in itself, that the attacker could exploit, but that should not have been there in the first place.

Not all processes that can send a kill signal to another process have the same degree of access as physical access. The fact they are already running inside the session doesn’t automatically imply they have unrestricted access. In fact, you could argue no access at all a process has can compare to physical access. So that’s quite an escalation.

If killing your lock screen unlocks the system, that signals there is actually little protection. Killing a lock screen should kill the session and log you out, or at least render the session unusable.

If you still want to go that route, you could wrap your hibernation process in a script or use a slightly more complex service setup to kill it once, by inspecting system/service state and enqueued systemctl operations, you determine hibernation is done (not pending)

I think the ethos of open source flips this thinking. You should not trust. Microsoft may not be noting down your banking details, but you actually don’t and can’t know if it is. What it is doing is storing other personal data, because that is in its policies. Now, to what extent it takes advantage of this capability and permission, it is again unknown and unknowable.

Microsoft may be a big corp, but some distros are the backbone of highly critical systems, and collectively they run the vast majority of servers.

You don’t “trust” your distro. Or your laws. Everything being done is in the open, so you can see for yourself. If you lack the knowledge to do that, there are others who are doing it and many are sharing what they find. You will “trust” on some level, because of its reputation, how established it is, but trust here means something very different from letting a huge blob of unknown code do whatever it does because I trust you.

That’s the best, safest way. By the way, you can do the same thing from a flash drive too, if it has enough space to hold the system. I don’t mean as a live temporary system, I mean you can just point the installer to a second flash drive as the install disk and it won’t care.

For Debian there’s Preseed, for Arch there’s archinstall, for a Fedora/RHEL there’s Kickstart, for Alpine there’s setup scripts, for distros with fully manual installs, you could just write a script?

Automating your install is something any sysadmin and mainly any distro developer will quickly reach towards, so it is something almost certain to exist.

Though, if I understand you, you’d want that to be “sourced” from an existing system, yes? I can see the use of that… NixOS is likely the closest to what you want, since you are always defining a full declaration of your system.

The PC itself as in hardware? Hardly… Your data is at risk. So ignoring updates for both Mint and Windows will put you in a more vulnerable position from a security standpoint.

If you are asking if not updating Windows will make your Mint system insecure, the answer is no. At least to me an exploit leveraging an unmounted Windows partition is unheard of. It will of course make your Windows system less secure for the 2% of the time you do use it. Another side effect of updating it is that it may break your dual booting.

I use PDF Arranger a lot for that

https://github.com/pdfarranger/pdfarranger

I switched recently from neomutt to aerc and yes, if you want less complicated configuration, it’s a great pick. I find it less buggy and just best designed overall.

I never tried Gmail or Exchange on it, but this should have some helpful info on that: https://man.sr.ht/~rjarry/aerc/providers/

After some manual reinstalls and much repetition, I’ve been using a custom script for the past year or so, which I’m slowly open sourcing through a rewrite.