 Woeusb seems promising
Ventoy also seems promising. Will get back to it this weekend and get it done 
 yeah, ventoy is super handy 
 Ventoy ended up being the winner! Thanks so much! 
 it makes it so much easier 
 Yeah I'm going to devote this usb stick to it now. No more reimaging the drive 
 Ventoy is awesome!

I think I'm going to try Endeavor next 😮  
 That’s just an Arch based OS? Why is it good? 
 Well, it's supposed to be more better than Qubes as far as hardware compatibility and UI goes.
But you can still get the same containerization and security guarantees fairly easily,
so I am told anyway.

I've never run arch before and this seems like the perfect way to start. 
 I’m currently looking for a flavor of Debian which is more updated (like Ubuntu) but doesn’t use snaps

The containerization of apps sounds interesting 
 yeah snaps are a pain
i would absolutely be into something like that too but don't know anything outside vanilla Debian 
 ironically, snaps are containerization, but the problem of permission to access files is the actual problem

android has a permission you have to enable for any app you want to read the base system disk... snaps don't seem to have that working right, and it should just be default on with the app config folder in the expected location...

you'll have fun discovering it's the same problem

more generally i don't like it, i prefer to install apps on the base system

about the only app that i think has a real security need to do it is browsers, so actually what would make more sense is to install everything else normally but dumb shit with dumpster fire capacity to run arbitrary code should be in containers

if it can't run arbitrary code it's literally not a vulnerable system, assuming it doesn't have stack smashing or other buffer overflow vulnerabilities... for the most part, boost, and most languages have plugged that one up anyway

it's really just the "it can run arbitrary code" problem... it would be solved if the execution engine itself was containerised but what about when you want to download files to the rest of the filesystem? that again requires a permission

the real elephant in the room about containerizing apps is literally the web browser engine 
 this is a good point.

it's great to hear a more holistic point of view on the topic