The problem is that some particular security settings are not compatible with a "generic good ux", so there are limits to "how secure" a linux distro ready to use can be.

I frankly wouldn't use any ready to go distro; I prefer gentoo with my fine tuned configs or openbsd. Alpine linux or arch/artix are also good options in my opinion.

The problem with these minimal distros is that they require time for experimenting and to develop competence. But the maintenance time at some point becomes zero, because there are few things that can break and you have put them in, so you know what's broken; so when you are competent enough you know how to maintain these distros in pretty much zero time (if there's a new problem you don't know how to fix... LFG a new thing to learn!!!).

If we just want compatibility with software and development tools, a debian or a linux mint will do the job with a good ux and will be "secure enough" for a lot of use cases.

Discussion

Now I am interested, do you have some good videos and/or guides to start/learn about linux hardening?

Here there is a lot of good stuff

https://madaidans-insecurities.github.io/guides/linux-hardening.html

Also https://www.kicksecure.com is a project that tries to apply a lot of security practices on debian (it is used as the base for https://www.whonix.org/); its docs and forum are full of good info.

For learning there are many routes, I know only the "way of the monkey": nerd on computers, try stuff, break things and, after some time, you will gain the knowledge to hack low level stuff on your OS.

There are absolutely other ways to learn this stuff, but I don't know exactly; every person needs to find his personal methods and paths.

I recommend starting to hack with arch linux because it is minimal and customizable and it has a lot of documentation and a big community to learn from.

A linux system is as secure as you make it, so a first arch installation will probably be even less secure than an ubuntu on average (it lacks mandatory access control, for example...), but it is a good base to learn.

It is like bitcoin: the real ultimate resource to keep your bitcoin secure is to know how it works; when you have the knowledge, then you know what tools to use and how to use them.

Also, here is a more detailed (at some points a bit exaggerated, in my opinion) critique of linux:

https://madaidans-insecurities.github.io/linux.html

It was actually interesting to see chromebooks mentioned on those guides, do you know whether there is a degoogled ChromeOS alternative/fork much like GrapheneOS is for android?

I don't know exactly; there is chromiumos, which is like what AOSP is for android or chromium for chrome. But a complete security and privacy focused distribution like grapheneos doesn't exist today.

Recently google announced that it will migrate a lot of chromeos system to android, making it more similar to a sort of android x86-64.

I think it will ship the google forked gki kernel like android and will run on the integral android JVM.

In the future maybe grapheneos could be released easily for desktop, as chromeos is becoming de facto android.

https://blog.chromium.org/2024/06/building-faster-smarter-chromebook.html?m=1

Even if grapheneos is objectively so good, I don't like the "security-by-restrict-user-access" approach. I think the control of the system and the root access are the most important things for "owning your computing", even if from great powers come great responsibilities and great dangers.

Also with a google owned giant monolith like AOSP or chromium, even if open source, you will be subject to the decision of a single company (who will fork this mess? Who has so much money? Another google?).

Linux distros can be simple and modular in their components, so you own your system and choose what components to use. I personally forked and maintain a wayland based window manager with my patches, and it is manageable by one man in spare time. How many people would need to fork and hack with the android graphic stack? Thousands plus one. Because one guy needs to change the lightbulb.

Yeah pretty much agree on everything, especially the "one giant controlling the system's future" part.

By the way, I wanted to try out Alpine and labwc to see whether they could replace Fedora/Debian and Gnome/KDE as a desktop daily drive (at least for me), do you have some insights on those?

Mmh apparently wlroots based WMs/DEs are bad security wise.

No, wlroots based WMs are at least on par with their X counterparts on security... I think alpine could be a good distro to do things with. If you have difficulties you can switch to arch/artix, which have an enormous pile of docs.