Indeed. Even PCManFM drags it in for something as trivial as the recycle bin functionality. For a light file manager use-case, the author made an error here. For our virtual desktop system I ripped it out and patched in my own solution. Purposely not following the freedesktop specifications.
Just because it doesn't peg the CPU doesn't mean it doesn't slow things down, and my main concern is security anyway.
I consider "free"desktop the exact meaning of linuxisms
actually it dose with a extra deamon not running and millions of lines of code not being executed around the thousands of pakages it really improves the speed of everything. also it's not about only the speed it's about having a extra and totally unnecessary out . with bloat you have a extra surface for attack a extra chance of a crash and a extra chance of unexpected behavior and etc
Not Linuxisms exactly but these days they attract the same kinds of weird decisions. Something about "graphics" and "desktop experience" seems to attract heaviness and
Kind of. It was more because Xorg kept flapping about trying to decide on hald or other bad ideas.
Option "AutoAddDevices" "false"It's a bad design implemented to work around the Unix permissions model. No Dbus bug here, and still results in a privilege escalation:
Fair enough; though I do use a laptop daily and it still worked well enough for me. Admittedly i do not ever plug in an external mouse or keyboard. *My* laptop comes with both inbuilt
Exactly right. A security tight desktop should probably come without *any* GUI capabilities and especially not a graphical file manager. So dbus has limited use at that point anyway.
You only have real security if the computer in question doesn't have a connection to the internet.
Very true. In many ways I do keep GUI and internet access mutually exclusive. In particular I would never connect Windows to the raw network. It always sits on an isolated network with something like a Raspberry Pi running a SOCKS5 proxy for Firefox to view web pages. It solves so many issues. Projects such as PiHole are even developed to capture that niche for "normal" security conscientious users.
Pretty much by simply not connecting them to the wider world.
Isolated PC ------------------- Raspberry Pi ================== Main internet
|
Isolated Laptop -------------Yes, that should be fine. The rest of the world / network "looking in" will only see the Raspberry Pi and packets coming and going from it. They won't even know the Windows PC behind it exists. Likewise the Windows PC and the software running on it won't even know it is connected to the internet. Only SOCKS/proxy enabled software can be instructed to communicate with the Pi.
Thank you once again for confirming.
Well, professionals have access to hardware (firewalls), which I cannot afford; perhaps more public addresses to isolate the networks at the Internet interface, etc.
Which means that a web browser on the "Isolated PC" can download and execute malware. Unless you make sure the web browser on that PC is completely feature- and stateless. And that malware can communicate freely with the outside world, using the http protocol.