TL;DR - About switching from Linux Mint to Qubes OS from among various other options that try to provide security out-of-the-box (also discussed: OpenBSD, SculptOS, Ghaf, GrapheneOS)

  • non_burglar@lemmy.world
    4 up, 1 down · 5 hours ago

    I don’t understand… Your motivation for a secure operating system was from an incident where you were nearly social engineered? How will a “more secure” os help you with that?

  • marcie (she/her)@lemmy.ml
    7 up · 16 hours ago

    I think Secureblue + GrapheneOS are the most reasonable choices imo. Qubes is highly hardware intensive for what it does, it will frustrate most people.

    • yazomie@lemmings.world (OP)
      1 up · 7 hours ago

      It works decently with just 8 GB RAM, and I’m going to upgrade the RAM.

      Secureblue is based on sandboxing rather than paravirtualization, and I’m not sure that’s secure enough for me.

    • peskypry@lemmy.ml
      1 up, 2 down · 7 hours ago

      Not only is it resource‑intensive, but Qubes also lacks Secure Boot and Wayland support. Secure Boot is critical to ensure the OS has not been tampered with, and Wayland is required to isolate individual apps running within a single VM from capturing input intended for other apps. For an average user, I would recommend SecureBlue rather than Qubes.

  • N.E.P.T.R@lemmy.blahaj.zone
    9 up, 2 down · 17 hours ago

    I am excited to see Chimera Linux mature because it seems like a distro which prioritizes a simple but modern software stack.

    Features of Chimera that I like include:

    • Not run by fascists
    • Not SystemD (dinit)
    • Not GNU coreutils (BSD utils)
    • Not glibc (musl)
    • Not jemalloc (mimalloc)
    • Proper build system, not just Bash scripts in a trenchcoat

    What I would like:

    • MAC (SELinux)
    • Switch to Fish over Bash (because it is a much lighter codebase)
    • Switch from mimalloc to hardened_malloc (or mimalloc built with secure flag). Sadly hardened_malloc is only x64 or aarch64
    • Hardened sysctl kernel policy

    • yazomie@lemmings.world (OP)
      2 up · 6 hours ago

      Chimera is a nice alternative to Alpine, have you thought of sending this feedback to Chimera’s dev?

    • Kajika@lemmy.ml
      4 up · edited · 11 hours ago

      What are the pros/cons of GNU coreutils vs BSD utils?

      EDIT : from their website : Desktop environment -> GNOME. What a choice, not for me.

    • yazomie@lemmings.world (OP)
      1 up · 6 hours ago

      I actually forgot to mention it, but I was going to say anyway that sandboxing I deem less ideal than paravirtualization

  • N.E.P.T.R@lemmy.blahaj.zone
    5 up, 1 down · 18 hours ago

    What I want out of a secure Linux (or BSD) system is full (top-to-bottom) sandboxing of all components to enforce least privilege. I want to learn how to make my own distro (most likely for personal use) which uses strong SELinux policies, in conjunction with syd-3 sandboxing, which seems like the most robust and feature rich, unprivileged sandbox in both the Linux/BSD worlds (also it’s totally in safe Rust from what I can tell).

    Another thing that I would love to make is a drop-in replacement for Flatpak that is backwards compatible but uses syd-3 instead. It has much better exploit protections than Bubblewrap, and is actually an OOTB secure sandbox. I don’t know much about the internals of Flatpak, or how to use xdg-desktop-portal, but I am going to start more simple with a Bubblejail alternative. One major advantage of syd is that you can modify an already running sandbox, so theoretically you could show a popup that says something like “App1 is requesting microphone access.”, where you could toggle on without needing to restart the app.

    Need to get better at coding tho lol

    • yazomie@lemmings.world (OP)
      1 up · 6 hours ago

      I’m all for a better Flatpak, but I’m on the fence with full-on usage of Rust, I’d wait for there to be a second Rust compiler. Otherwise, sandboxing might be enough for some users, but not exactly for me.

    • iopq@lemmy.world
      1 up · 16 hours ago

      You can try to just make a hardened NixOS config. The only requirement is systemd to use NixOS options. Other components you can freely interchange.

    • yazomie@lemmings.world (OP)
      2 up · 6 hours ago

      Thanks, Ironclad and Gloire look interesting for a RISC-V system, gonna try out at some point alongside CheriBSD