Linux Hardening Guide

A reader sent me a link to what appears to be a very comprehensive Linux Hardening Guide by 'madaidan'.

I'm not exactly sure what to think about the author as far as their technical knowledge since they promote some stuff i do not necessarily agree with, such as using Tor instead of a VPN. The author is completely correct in that there are risks to be assumed with any VPN, however i believe, and i think the evidence dictates, that the same is true with the Tor network (see here and here for instance). Also the author complains about Firefox's security, yet the Tor browser is a fork of Firefox.

The author also makes some potentially sketchy claims regarding Android, stating that "The best option for privacy and security on Android is to get a Pixel 3 or greater and flash GrapheneOS".

From everything i understand, exactly none of the mainstream phones can be considered privacy or security friendly as long as the baseband firmware shares the same memory as the user-facing OS, nor can they be made to be so. Contrary to the authors advice, i would recommend, a) ditching your mobile if at all possible or, b) considering devices from PinePhone and Purism where the proprietary baseband firmware is isolated from the OS and which have hardware switches to actually (really) power off certain components. The author recommends to avoid these devices, but i'm not sure how strong of an argument they make and the arguments miss many other advantages of such devices.

Commenting in an area i know a bit more about, the author states, "You cannot configure your browser to prevent tracking either. Everyone will configure their browser differently so when you change a bunch of about:config settings such as privacy.resistFingerprinting and pile on browser extensions like Privacy Badger, you're making yourself stand out and are effectively reducing privacy."

That's a very crude statement in my opinion. First of all i personally don't recommend Privacy Badger. Secondly, standing out (appearing unique to a web server) is not a bad thing as long as the browser fingerprint isn't static. Firefox has many preferences other than privacy.resistFingerprinting which can be leveraged to make it more privacy and security complaint. I maintain two guides if interested.

All that said, the Linux Hardening Guide may indeed be a great guide and i think it's certainly worth a read.

Content update: script for Firefox

I made a few small changes to my script. This bash (Linux) script checks for updates to the 'arkenfox' user.js, my user-overrides.js, and also checks the last updated dates of my Firefox configuration guides.

The intention of this script is to automatically check for updates rather than running the 'arkenfox' updater script manually, plus it checks other stuff as mentioned.

The script can be download here and changes are here, however those already running the script will be notified automatically of the update.

Linux vs. Windows - from a privacy perspective

First of all let's make it clear that Linux is not an operating system (OS), rather it is the integral part of many Linux-based operating systems known as the 'kernel'. While there are perhaps hundreds of operating systems that use Linux, there is only one Linux kernel as far as i'm aware (not including forks). Similarly, most Windows operating systems use the NT kernel.

While there are many fundamental differences between the Linux and Windows family of operating systems, the most important for our purpose here is that most Linux-based operating systems are open sourced while Windows operating systems are proprietary black boxes. Given the title of this article, it may already be obvious which is the better choice for those of us who are concerned about our privacy.

Bill Gates never intended to help anyone, not then in the tech industry nor now as a philanthropist. Gates is one of the more evil people on the planet and this is evident when one reviews his actions.

Jeffrey Epstein, sex offender, with William 'Bill' Gates
Jeffrey Epstein, convicted sex offender, with William 'Bill' Gates

Although one of Gates' goals with Microsoft was to make himself filthy rich, i suspect he had others that were far more nefarious and which involved mining data from those using Windows operating systems. Indeed, data is the new oil and large tech corporations, governments and intelligence communities absolutely lust for it. Windows 10 literally meets the definition of a virus in that it harvests an enormous amount of data and information about the person using it without their explicit consent and sends that data over the network. Contrary to what some Windows geeks might believe, there is nothing one can do to mitigate all the potential risks simply because all the risks can never be known.

It is simply not possible to trust any proprietary operating system or software. If the source is not published than, other than those designing it, essentially no one can audit it, and if you cannot analyze the code, then you cannot know everything it is doing. Windows is a black box and there is reason to suspect that back doors have been built into it that can be accessed by certain third parties, such as intelligence communities. Whether such back doors exist or not doesn't matter because the fact is, one can never know for sure.

Linux, on the other hand, was designed by Linus Torvalds for his own purposes. Upon realizing that it could be useful to others, he published the source code on the internet for free. He too likely could have become an extremely wealthy man, but unlike Gates, he chose to help people by giving away his work. That ethic has been carried forward by many thousands of people in the Linux community. Although the kernel is apparently heavily developed by large corporations today, the code is still open source, as is most of the software, and Linus is still involved in the project.

While you may think that i'm a Linux fanboy, i assure you i'm not. There are a lot of problems with Linux-based operating systems and you can read about some of my criticisms in my article, A personal perspective: From Windows to Linux to Windows to Linux to.... I didn't choose to use a Linux OS because i liked Linux, i chose to use it because i saw it as the only viable choice. Once i understood that Windows could not ever be trusted with my privacy, regardless of how many tweaks, registry edits and anti-spyware tools i threw at it, and once i decided that my privacy was more important to me than a workflow that i'd become accustomed to, the decision to abandon Microsoft made itself. All i needed to do was find a replacement.

How much you value your privacy is your choice, just know that with Windows there can be no reasonable expectation that it isn't spying on you. Should you decide to experiment with alternatives to Microsoft Windows, you may want to read the article i linked to earlier, as well as Sick to death of Microsoft Windows spying on you? Here's a solution....

Sick to death of Microsoft Windows spying on you? Here's a solution...

I'll keep this (semi) short and sweet. Think of this as the 'Dumping Windows for Dummies!' guide in the interest of privacy and security.

If you're sick of Winblows as a desktop operating system (OS), then you have LOTS AND LOTS of options from which to choose... as long they're all Linux. Yeah there's Mac, but that's just a different flavor of crap, and beyond that there's not much else other than Linux, assuming you want a reasonably easy to use OS with a large selection of software. ReactOS seems like it might be a decent open source alternative to Wintendo, but development is so painfully slow that we'll all be DEAD by the time they release a 1.0 stable (and i've been watching the project for... what? FIFTEEN YEARS?

The problem i, and many others have had when switching to Linux, is the shear number of choices there are. It can get real confusing real fast and i think that has maybe put a lot of people off. Not only do you have to pick a particular "flavor" of Linux (there are hundreds), but you also have to choose a "desktop environment" (DE). If you don't know what a DE is, it is the Graphic User Interface (GUI) that provides a comfortable way for us humans to interact with our computers. You know, all those buttons and widgets and icons and things? That's called the "desktop" or "user interface". With a Linux-based OS you can have several choices for a DE and that complicates matters even more. Avoiding all this hassle is one of the goals of this poor excuse for a guide.

Having a good deal of experience with WinDoze (noticing all the derogatory names i have for that pile of proprietary shit?) and some experience with Linux-based operating systems, which i've been using for the last 4 or 5 years, here's my personal advice...

Go to and download the generic 64 bit edition of Manjaro with the KDE desktop. The file you download will be an ISO and you need to write that to a DVD or USB stick (do the latter if you can since it's quicker). For writing to a USB stick you can use Rufus, or any other software that can create a bootable image.

With that done, jam that USB drive (or DVD if you went that route) in its socket and reboot. As your computer starts you'll need to boot from the USB or DVD drive instead of the drive that holds the Winlouse virus. How you do that depends on what kind of boot firmware is installed (BIOS) so you'll have to figure out which key to press in order to boot from your USB/DVD drive. A little searching of the interwebs should yield results without significant damage.

Assuming all that went OK, you'll have booted Manjaro Linux (yea!) and you can play with it all you want before deciding to install it.

Installing a non-Windows OS on a Windows machine can be easy or tricky depending on what kind of boot firmware is installed (BIOS or UEFI). With BIOS firmware the process is generally easy; click the installation icon on the Manjaro desktop and follow the prompts. If you're unfortunate enough to have UEFI firmware, the process can be a little trickier. You can thank Micro$oft for that, in part, because the assholes in Redmond don't want you running anything other than Wintendo. Either way, you should be able to learn all you need to know in the Manjaro User Guide.

Once Manjaro is installed you should be able to figure out the necessaries. The KDE desktop isn't a whole lot different than something like Windows 98, XP, Vista or 8. Windows 10 is a different animal and one reason i had for writing this is to prompt those of you running 10 to get the hell rid of it. 10 is SPYWARE and nothing less!

If you need more help, let me know. In the mean time...

Linux goes ((( inclusive )))



Linux Kernel Preparing New Guidelines For Using Inclusive Terminology - Phoronix

Prominent upstream Linux kernel developers are working on adding "inclusive terminology" guidelines to the Linux kernel coding style requirements.

The new inclusive terminology documentation applies to new code being contributed to the Linux kernel but ultimately in hopes of replacing existing code with words deemed not inclusive. The exception being granted though is where changing the terminology could potentially break the user-space ABI given the kernel's longstanding guarantees on not breaking that interface.

These new guidelines for Linux kernel developers call for initially avoiding words including "slave" and "blacklist" to instead use words like subordinate, replica, follower, performer, blocklist, or denylist.