desktop linux is insecure - desktop Linux distributions, including Debian, Fedora, Ubuntu, Arch, Gentoo, all suffer from a complete neglect of basic security principles

Ludditebardd · 2023-06-11T14:31:04+00:00

I'm not sure what to think about this. I'm a big fan of sandboxing programs, its part of the implementation in GrapheneOS for a more secure phone. And pointing out that no desktop OS is fully secure is also a good thing. But saying there is a 10 year old exploit in Linux systems that you know about, but then rather then help write code to fix the problem it is decided to just write a new OS based on ChromeOS, seems like taking a step in the wrong direction.

If Bjorn is able to write and release this proposed OS, I would like to try it. Until then I'm still on Linux.

SoCo · 2023-06-12T07:34:41+00:00

I consider sandboxing to be a last ditch effort for when you know you are using untrusted software or content on an insecure system.

I believe the listed are insecure out of the box, but mostly due to excessive complexity and bloat, making them bug prone, have a large attack surface, and impossible to properly maintain and monitor. Sanboxes are just another excessively complex and bug prone thing. Chrome is a massive and overly complex browser, who's market control is forcing every other browser to be as insecure as well, by constantly piling more overly complex and bug prone web features and encouraging websites to rely on those massively over complex and wasteful trendy features as their web platform. As a browser looking to maintain its market share, using its monopoly of the market to continually add more flashy garbage at a rate no competition can keep up with, is a marketing strategy.

If no one can have the slightest clue what is going on in their system, because it all moved under dozens of layers of containers, managed in some mysterious layers of storage and resource segregation, and you can no longer find a simple executable or know how it is started at boot, are you really more secure, or less?

In the name of security, we are making Linux systems be such an enigma of complexity, that we have no clue what they are doing, what part is doing it, or where to find out any more.

It is all hand-waving working up to getting you complacent, so that vendors can include parts that do nefarious things behind the scenes without notice. It will be just another Windows, Firefox, or Chrome.

newguy · 2023-06-11T11:05:22+00:00

Security through obscurity stops working when you become a major OS

GeorgeCarlin · 2023-07-08T18:22:25+00:00

I know that. I've knewn it for years now.

On the one hand, I just feel a lot better while using manjaro and debian (instead of some Orwellian purely commercial OS)

and

On the other hand, I don't feel a need to use BSD's on a machine that I plan to use with a GUI.

Looks like shooting a particle accelerator onto some glorified cockroaches, imo.

I'm completely OK with debian and manjaro for desktops, even though I know the paranoid me could nitpick on those distros till time itself ends.

In completely other news: I got way too lazy over the years for any "real" arch or slackware itself.

Life is about compromise once you realize, you don't get younger as time passes.

A lot of security, as far as I understand, is jesus-nutted to refuting right-escalations on some standard-accounts. "Desktop"-distros I use fit this use-case for my degree of paranoia finely.

Anything else could develop into "perfection" or obsession and, as such, hence only is another way back into depression.

Linux

Welcome to /s/Linux

Rules

MODERATORS