TL;DR - About switching from Linux Mint to Qubes OS from among various other options that try to provide security out-of-the-box (also discussed: OpenBSD, SculptOS, Ghaf, GrapheneOS)
TL;DR - About switching from Linux Mint to Qubes OS from among various other options that try to provide security out-of-the-box (also discussed: OpenBSD, SculptOS, Ghaf, GrapheneOS)
Rust (Golang or any mem-safe lang) is/are useful for designing secure applications, but not the reason Syd is so great. It is impressive because it is unprivileged, simple yet very granular, has tons of exploit mitigations and hardening options, defaults to hardened_malloc (on arm64 and x64), it’s multilayered sandbox (using landlock, seccomp, namespaces, and more), but of course being written in a memory safe language is an important plus (as memory corruption vulnerabilities are a very large class of common vuln). It abstracts the complexity of working with low-level sandboxing API (such as landlock) while allowing you still construct complicated sandboxes). The dev is also very open to add new ideas.