Fedora isn’t that secure without some effort either.

Fedora’s philosophy is being a modern and security oriented (not security focused) distro. An easy example is that Fedora uses Linux kernel 6.14.2, whereas Debian uses Linux kernel 6.1 (I know they backport fixes, but the point remains).

Unfortunately, I have no way to confirm which one out of them is “more secure”.

Do you have any sort of automated test framework in mind which one can use to test distros against attacks?

Generally trust what security experts say about it, but if you really want an automated test, you can look at Lynis

Why do you rank secureblue over Whonix?

Whonix on its own isn’t very secure. It’s more privacy focused than security focused. It’s based on Debian, which has a host of issues I won’t get into. dom0 in Qubes OS is based on Fedora for its security, and it’s no coincidence that secureblue is also based on Fedora.

Hey, I recognise you now!

Look mom, I’m famous! :P

That was a great post, I had a lot of fun reading it.

Thank you!

If I could follow people on Lemmy I’d follow you.

The best you can do in regards to that is adding my profile to your preferred RSS reader, so you get notified each time I post. A few good ones for android are Feeder, Read You, or (my favorite) Capy Reader.

What do you think about Kicksecure (and Kicksecure inside of Qubes)?

I’m not sure if you mean actual Kicksecure or if you mean Whonix. Either way, if I were to use Qubes OS, I would do Whonix inside of Qubes (until a secureblue template is made).

SecureBlue too but I hear SecureBlue isn’t a big team, not sure how much time they have to address the broad range of desktop Linux security issues

secureblue backports a lot of fixes from other projects (e.g. their browser, Trivalent, backports fixes from GrapheneOS’s Vanadium). Their team is small but mighty.

I personally think that if you were to put GrapheneOS and Qubes OS side-by-side on uncompromised hardware, I’d take Qubes.

GrapheneOS compartmentalizes as well, but in a different fashion. All apps on GrapheneOS are sandboxed, Once GrapheneOS implements App Communication Scopes, apps will be able to be completely* isolated. Without App Communication Scopes, the best way to isolate apps is by setting up separate profiles.

*While APC prevents communication between apps, they are still installed on the same profile, and thus have access to unique profile identifiers. Apps with network access can technically communicate with each other via a third party. Furthermore, apps may be able to directly communicate with each other through a telephone effect (e.g. Pixel Camera tells Google Play Services to tell Google Calendar about the photo you just took). I am massively oversimplifying this, but you get the gist.

I mentioned in my post that security is going to become very interesting with the introduction of the Linux terminal into Android. If GrapheneOS chooses to expand on this, that means, like Qubes OS, GrapheneOS could emulate multiple Linux distros.

Anyways, this is how I would rank them in terms of security (again, oversimplified):

GrapheneOS > Qubes-secureblue > Qubes-Whonix > secureblue

Each project fundamentally has different goals, so there is no one “security” to rank them by.

Though, for desktop, I prefer secureblue, as I don’t have a secondary GrapheneOS device, and secureblue is far more usable than Qubes OS.

That’s simply due to the repository VSCodium uses to pull extensions from (in the name of using open source extensions). Other (proprietary) extensions can be installed by downloading the .vsx file and installing manually. In most cases, though, open source alternatives to proprietary extensions exist.

Check out VSCodium, which is open source telemetryless binaries of VSCode

Edit: Nevermind, it seems you already use it

https://privsec.dev/posts/linux/linux-insecurities/

That’s a more up-to-date article about security issues with Linux.

TL;DR is that Linux (the desktop, not the kernel) is fundamentally insecure, and so the more secure options for desktop are Qubes OS (Qubes OS is not a Linux distro) or (even better) GrapheneOS used in Desktop Mode. secureblue is about as secure as Linux can get, but the most secure option for desktop itself.

Things also get weird when you consider running secureblue inside of Qubes OS. See my post for more thoughts about that.

Madaidan’s Insecurities hasn’t been updated in a few years, so some of the information is a bit out of date. It is still decent information, but don’t follow it granularly. What you may be looking for instead is secureblue, which essentially does what you are describing but for Fedora Atomic desktops.

Thank you! I will try this tomorrow. I’ve been at this for 7 or 8 hours straight now.

I think so, but I can’t be certain. Is there an easy way to check?

I specifically need CoreOS since I plan to rebase it to securecore. Thanks for the suggestion, though!

!lemmysilver

Other people beat me to it on the other post, but none here!

Not so new browser controls let you block all advertisers forever

Quest: Kali Bandits

The Kali have been terrorizing villages across Linuxia. I beg you, young traveler, help us fight them off. I’ll reward you with riches beyond compare!

Objective: Protect the village from the Kali bandits.

Reward: +500 gold

The questmakers haven’t updated the quest descriptions in a while. I’m waiting for the next update when they port the Whonix ISO kit.

I have [Ancient] Debian Armor and a GNOME as my companion. I often equip the Tor Browser Cloak of Invisibility. If slain, I will drop a Locked KeePassXC Database Chest. After completing the mission Revive bricked Linux system, I was awarded with the [Rare] Ego Potion. When drunk, it boosts all stats temporarily during a battle.

I personally can’t stand any other options except for Cinnamon (since it got a redesign) and a few distro-specific ones. That’s just me though. Explore away!

I have a potato laptop, so GNOME is a little too heavy on it. I think KDE Plasma would be fine for a desktop, but I’m addicted to GNOME

I use both: GNOME works better for a desktop, KDE Plasma works better for a laptop.

There are more than those 2 options for a Desktop Environment, by the way ;)

But the biggest improvement coming from Windows?

The thing that got me to switch from Windows to Linux (the straw that broke the camel’s back) was Window’s “Eco Mode”. Eco Mode is a cute little thing that (at least at the time) cannot be disabled. It automatically slows down apps so your computer draws less power to help the environment. What did that mean for you? ChatGPT (which was just starting to boom at the time) would become barely functional because Eco Mode would slow down the browser. You could only temporarily disable it per-process, but it will enable itself right back again whenever it wants.

I’ve been waiting for a post like this. Every single time I have tried Windows 11 I have fallen in love with the UI and UX. Sure, it can be buggy at times, but that’s true with anything. It has always pained me a little bit every time I have to replace it with Linux. KDE Plasma 6 is the closest I’ve been able to find to Windows 11. Microsoft in my opinion did a really sleek and nice job making Windows 11 pretty, especially compared to Windows 10.