no one was writing malware targeted at us
Probably not true now. It took some digging but I found e.g. BPFdoor https://attack.mitre.org/software/S1161/ which “does not need root to run” https://sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis
The silver lining is that a lot of these backdoors are nation-state level so you might not be targeted by them. If I had data on my computer worth a dang, I’d be more concerned.
It’s controlled by a major corporation that tightens up all the time (e.g. the manifest v3 changes conveniently hurting ublock origin, the weird app interests thing that only Google supports, the conflicts of interest between Chrome, Google, and Chrome users [webP vs JPEG-XL]). Stock Chrome/ChromeOS is a massive data harvesting operation that gets more insistent with each update. Once Google stops supporting them they can become paperweights if you don’t have alternate OS support (not every model does). Goes against the libre philosophy of mainline linux. ChromeOS running Linux is an implementation detail, for how much use it provides the average user.
Graphene has options to restrict that [user storage availability] but you have to set it up that way.
It’s also a bit of a pain to manage as an end user. I wish it shipped with a toggle that was a step up from stock Android but also not in the way constantly. Like “we went through the top 50 apps on Play Store and FDroid, we classified them as media player, social media, etc., and we made rules for each category that reasonably isolates it while still allowing core functionality.”
Your phone and optional software available for Linux go a step further [for bruteforce prevention]
Do you have specifics for Linux?
Cheers to this guy for what he’s doing, but the name is a little confusing. This approach works but it is not nearly as robust as the immutable distro paradigm implied by the name.
Good point. It’s a 1000 person PoC and not yet a titan. He’s doing in-the-field testing and even has his two kids daily driving it (one on testing branch, haha).
It’s great to reduce ewaste, but from a practical perspective I strongly suggest finding a phone that can do postmarketOS. This is becoming more of a trend and postmarket at least has a handful of guides from people who have put servers on PMOS. I suspect all phones lead to pain when self hosting, but postmarket leads to less pain.
Any modern operating system is so complex and has so many parts interacting with each other that it’s always possible to hide something malicious somewhere in the Rube Goldberg machine which most people will never notice.
100%. From what you’re saying, though, it sounds like a Linux password is a red herring, and a secure password even more so. If SSH is disabled the class of attacks to be prevented are users ‘voluntarily’ running malware pretending to be goodware.
Never ever run any untrusted program or script, not even unprivileged. The biggest thing Linux has over Windows in this regard is the package manager, which is actively moderated by your distro maintainers, so you don’t have to download random installers from the internet like on Windows.
True, but does anyone operate this way? At that point it becomes an iPad or a Chromebook. (It does look like flatpaks or docker containers isolate behavior, so that’s a win.)
However, I will add that if you hate the default Debian installer and are willing to dig a bit through the website, they do have live USBs for each DE with a Calamares installer that I love. I really wish they would promote those more.
OMG. I used that years ago and assumed it got deprecated or something. The debian website is something else. Do they still bury nonfree ISOs?
What are passwordless solutions in Windows for remote access, disk/filesystem encryption, keyrings?
There’s the first-party remote desktop tool. I believe it pops a prompt on the client PC and asks to connect. Sysadmins can bypass that I’m sure. Third party tools like teamviewer configure a one-time password to authorize over the internet.
You can use biometrics for encryption, but I wouldn’t and don’t. Keyrings I’m not sure if Windows has OS-level password storage beyond the archaic storage of things like wifi passwords and SMB/samba logins.
That would align with my threat model which considers physical access to be game over (except for FDE). I hope there’s hardware token like yubikey out there as well.
Answering your question directly, the major threat to most consumer users is physical compromise or theft of device. Your statement that “physical access is game over” is not entirely accurate: disk encryption with a password is a very strong protection against unauthorized data access, but you need to use a password (doesn’t matter if it’s Linux or Windows).
Yes, this comes down to the laptop market being much more popular. I’m talking about a desktop.
If you have never used a password on windows or some other authentication mechanism then your Windows is not very secure.
Can you elaborate?
Some random person or app cannot just click through it.
So a regular script on Linux can run e.g. sudo apt update and just hope that there’s no password on the current account, and escalate to root?
The password deters a casual hacker and buys you some time to notice and deal with anyone seriously trying to break in.
Specifically, are you talking about physical access? SSH? Something else?
For a PC from around 2010-2018: Mint Cinnamon, Ubuntu 24.04, Lubuntu 24.04, MX Linux, in that order. Not Kubuntu, apparently it’s the lost sheep of the family. Until you’ve used Linux for a few years, always aim for LTS (long term support) or similar terms. Never use an OS billed as a “beta” or “release candidate”. “Rolling release” is suspect. It’s all fun and games until your OS doesn’t boot or you lose your data. Stability matters (and back up your data). Once you learn how Linux works, and if you become an enthusiast, you can do what you want. I highly, highly doubt you’ll find Arch as painless as what I recommend.
https://lemmy.frozeninferno.xyz/post/58612395
400+ installs in the past four years - discarded/donated business laptops that get fixed, cleaned, upgraded with cheapest SSDs and donated to predominantly tech illiterate users.
99% is ubuntu lts + ansible playbook that removes snap, disables A TON of update naggings, installs flatpak, coupla apps and systemd timer to autoupdate all flatpaks. this is the only thing that has low support requests, everything else we tried (mint, debian, fedora) has a disproportionately higher support request frequency (reinstalls, wifi, fix this, remove that, etc).
I’d say Ubuntu as #1 but it’s not known for maximum performance. Debian installer is a total mess and Linux fans don’t realize how foreign it is to a newbie. It feels like the Debian installer was last updated in 2004. I have a soft spot for Lubuntu and its classic Windows 2000 look. Runs fast too if that matters to you.
Per some feedback, I tried on another distro. Fedora 43 (hot off the presses) only has some of these bugs. I couldn’t reproduce 1, 2, and 4 here on Fedora 43 KDE live.
The first mistake is using Kubuntu. It’s always been a buggy mess.
Considering my experience with Kubuntu 24.04, I’m inclined to agree. But it gets top billing on kde.org because (it seems) Ubuntu pays more money than SUSE.
What distro? I was on Kubuntu 25.10. Did you record it? It’s hard to see in real time.
Windows 95, 2000/XP, and 7 were all very nice OSs. DirectX and whatever other APIs helped PC gaming. Windows Phone 8/10 are an interesting paradigm I wish still existed. The Xbox 360 blades dashboard (and later the NXE) ushered in an era we’re arguably still living in. WSL.
Embarrassingly, make a Windows 10-like OS. (More specifically, a window manager, probably.) Or have an affirmative vision for the future (non-Windows 95-derived) like Niri or (fascist-adjacent) Omarchy. 15+ years ago I booted my first distro. I ran Ubuntu with Unity on a side PC for years. Good for single screen use. I daily drove Debian for 3 months in 2018 but never got it to look more modern than Windows 2000. I never “enjoyed” it. This matches my thoughts. https://www.theregister.com/2025/11/10/deduplicating_the_desktops/
Going to try out https://www.anduinos.com/ and Zorin. Have done distro hop roulette for months and a lot of them are unsatisfying. KDE looks close to how I want but runs slow e.g. https://lemmy.frozeninferno.xyz/post/58790510
I’m big on super+arrow to move windows from one screen to another. I rarely need more than 4 active windows per display. But my big problem with tiling is that I like seeing the windows I have open at the bottom of my screen. (this was for my laptop but similar points https://lemmy.frozeninferno.xyz/post/58681232 )
My side OS on my main PC is Mint with MATE, but I also don’t gel with it. Ran it on a family PC for years and it did the job for casual use. Random gripe off the top of my head I think applies in MATE: sorting is in byte order, not in brain order. Many linuxes sort 10, 1, 2 instead of 1, 2, 10. MATE and Xfce (iirc) have terrible file operation handling compared to Windows or (the gold standard?) Teracopy in Windows.
Every default GUI archive/extract program in Linux sucks, that I could find. I prefer Peazip but even 7z-gui (the stock one) is good. Even native windows zip support feels more pleasant. This goes back to a bazzite/omarchy philosophy of shipping software that is good, instead of defaults that suck.
Oddly enough I kind of respect AntiX + IceWM, as well as Lxqt / Lubuntu more than most of the crap modern WMs I’ve used.
SSH key exchange / setup is a fucking nightmare and I don’t know why I’m copy pasting keys into text files or piping multiple commands together for the 50% odds that my OS setup allows it. I still don’t really understand the Linux threat model where passwords on a local account make sense. (Is it to prevent local scripts from escalating to admin?)
I’ve run Linux servers for 5 years and I run WSL, but nothing clicks per se. I’m always more at home in Windows. Niri feels close to what I want, but too high a learning curve. I may make a post about it someday.
Total tangent, but IMO this is the state of the art in data retention: https://superuser.com/questions/374609/what-medium-should-be-used-for-long-term-high-volume-data-storage-archival/873260#873260
Not a good argument. Several distros use it, but most mainstream distros are not focused on sandboxed apps. If you look up “should I use Snap on Ubuntu” the responses are around 80% no.