ExploreTrendingAnalytics
Nostr Archives
ExploreTrendingAnalytics
Laser1d ago
Desktop Linux is far from secure. 🐧 Exploring Secureblue OS, a #GrapheneOS inspired OS built with #Fedora Silverblue. https://www.youtube.com/watch?v=hmKQyeyOd54
💬 8 replies

Replies (8)

Daedalus1d ago
Novel project and very restrictive. Lots of headdache if you need to go beyond Flatpaks. It attempts to apply Android's sandboxing security model to Linux, which is ingenuous but still very early. Good for a netbook style computing though. Qubes is the gold standard, and easier to use than it seems but has major performance overhead. Kicksecure is less secure than Secureblue and has a different philosophy, mainly focusing on being a hardened traditional Linux experience than emulating Android's security model. Its got great features if you need plausible deniability with Live mode, Qubes and Secureblue lack this feature. If you find Secureblue too restrictive, please try these others before going back to a less secure distro.
0000 sats
Scoundrel1d ago
Yep Qubes is brilliant. However they desperately need to start writing custom unikernels to improve the performance. Additionally there has GOT to be a way to sandbox the GPU. They need to find something better than all their CPU rendering shenanifans.
0000 sats
The BTC Philanthropist1d ago
Its great but if you need something other then flatpaks its tough - for example a vpn, I believe only mozilla offers a flatpak. Both proton and mullvad require .Deb \. RPM Sparrow wallet as well.... If you need funtional device with high security Mac os is solid but you obviously make some sacrifices.
0000 sats
Daedalus1d ago
Yeah haha the performance is horrible, especially on electron apps or websites with heavy JavaScript. The CPU rendering is very nice for privacy, basically makes the Whonix qube unfingerprintable, but I'd love an option for other Qubes.
0000 sats
Scoundrel1d ago
I dunno, I swear I heard that Javascript CPU fingerprinting can bypass virtualization. But also why can't GPU computation work without compromising information security? I've never understood.
0000 sats
Daedalus1d ago
MacOS is closed source, don't put your personal data or private keys anywhere near it. Security from everyone but Apple and their friends in the federal government.
0000 sats
Laser1d ago
All user space apps are containerized, so it's easy to install apps even outside of Flatpak.
0000 sats
Daedalus1d ago
Yeah there's still a fingerprint but it is way less accurate than GPU canvas printing. About as good as you can get with keeping JavaScript on. I can't answer your second question way above my head haha.
0000 sats