Linux
Welcome to c/linux!
Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!
Rules:
-
Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.
-
Be respectful: Treat fellow community members with respect and courtesy.
-
Quality over quantity: Share informative and thought-provoking content.
-
No spam or self-promotion: Avoid excessive self-promotion or spamming.
-
No NSFW adult content
-
Follow general lemmy guidelines.
view the rest of the comments
May as well contribute my own 😜.
I'm an absolute sucker for exquisitely hardened distros. Hence, distros like Qubes OS and Kicksecure have rightfully caught my interest. However, the former's hardware requirements are too harsh on the devices I currently own. While the latter relies on backports for security updates; which I'm not a fan of. Thankfully, there is also secureblue.
Contrary to the others, secureblue is built on top of an 'immutable' and/or atomic base distro; namely Fedora Atomic. By which:
If security is your top priority, Qubes OS is the gold standard. However, secureblue is a decent (albeit inferior) alternative if you prefer current and/or 'immutable'/atomic distros.
I ran Qubes for a while, really enjoyed the way it integrated windows so I could use MS Office (mandatory job requirement) as apps rather than a VM as I normally do. I realise you can do something similar with Winapps for Linux but to have it baked in was rather nice.
Interesting. Thank you for sharing your experiences! Would you be so kind to elaborate on that experience? Did you like it? Are you still using it? Why or why not? Pros and Cons? Thank you in advance!
Please provide more of your criticisms for Kicksecure
First of all, apologies for delaying this answer.
Disclaimer:
Qubes OS >> secureblue >~ Kicksecure
Context: Answering this question puts me in a genuinely conflicted position 😅. I have immense respect for the Kicksecure project, its maintainers and/or developers. Their contributions have been invaluable, inspiring many others to pursue similar goals. Unsurprisingly, some of their work is also found in secureblue. So, to me, it feels unappreciative and/or ungrateful to criticize them beyond what I've already done. However, I will honor your request for the sake of providing a comprehensive and balanced perspective on the project's current state and potential areas for improvement.
Considerations: It's important to approach this critique with nuance. Kicksecure has been around for over a decade, and their initial decisions likely made the most sense when they started. However, the Linux ecosystem has changed dramatically over the last few years, causing some of their choices to age less gracefully. Unfortunately, like most similar projects, there's insufficient manpower to retroactively redo some of their earlier work. Consequently, many current decisions might be made for pragmatic rather than idealistic reasons. Note that the criticisms raised below lean more towards the idealistic side. If resources allowed, I wouldn't be surprised if the team would love to address these issues. Finally, it's worth noting that the project has sound justifications for their decisions. It's simply not all black and white.
With that out of the way, here's my additional criticism along with comparisons to Qubes OS and secureblue:
Thank you. Stateless is a good idea, and I would personally like to see faster security updates on Debian (and by extension KickSecure). I haven't been following them lately so I do not know their reasons for deprecating hardened malloc, I assume there's an explanation for it.
Thanks for the note
Thank you for the quick reply!
It has been my pleasure 😊!
Pragmatism 😅; at least, that's how I interpret their justifications.
Again. it has been my pleasure 😊!