It’s true it could be better. They used to be more open source. Like they used to just publish their firmware source as they released it. Now days they hold back the current generation till the next gen is out. They mentioned this was so they could be more competitive with companies that do less R&D and more cloning.

Like even their slicer was just reskinned etc. it’s in peoples rights to reskin an open source slicer but I see why they did it.

Maybe “was” is the better word. Still better than things like Bamboo though.

https://github.com/prusa3d

Interesting that people might think this. Prusa was/is THE open source printer company.

TIL. Very cool.

Solaris was beautiful. But it could have been more secure if it had Mandatory Access Controls. One compromised app running as root, or one privilege elevation exploit and without mandatory access controls you’re done.

Even with user contained exploits without MAC you expose way too much.

Edit: Turns out Solaris had a MAC enabled variant called Trusted Solaris! I could have seen myself using this if Sun was still around and OpenSolaris had panned out.

https://en.m.wikipedia.org/wiki/Trusted_Solaris

In conclusion Solaris was not junk.

I like the fact that it is a solid mandatory access control system. With SELinux you are substantially more safe than without.

For example. Let’s say you are running a compromised version of OpenSSH. Threw a XZ style back door a hacker gets in as OpenSSH (which runs as root).

Without SELinux the system is fully owned. With SELinux the attacker can only access what OpenSSH needs to access even if they have root. They can’t just chmod files and folders wherever. That means your photos and application data are still secure. With the pre written SELinux policies this applies not just for OpenSSH but for every piece of software installed on your system. Everything is limited to the exact folders, ports, and system capabilities that it needs and no more. Even stuff like seperate websites being served under Nginx. You can have Nginx-subgroup-1 and Nginx-subgroup-2 where the applications can’t see each other even though they are being run as the Nginx user.

I don’t trust any Linux distro without this security layer.

It’s a little difficult to learn and master, but it’s totally worth it if you care about security.

Redhat put out a comic about it a few years ago explaining the basics. https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf

Thank goodness for selinux. Without it Linux would not be a secure OS.

And no AppArmor does not do the same thing. You need the mandatory part for mandatory access controls to work.