85
submitted 1 year ago by chevy9294@monero.town to c/linux@lemmy.ml

Hi, Im searching for a secure distro for normal daily use for my laptop. Currently Im running arch linux with full disk encryption, secure boot, linux hardened, firewalld and most apps as flatpaks (with some disabled permissions using flatseal). I think its pretty secure laptop but it could be more secure.

Tails and Whonix are the most secure but they are not ment for normal daily use...

There is a lot of new immutable distros. Getting (system) malware is harder to get on them. Im most interested in blendOS, because its based. Does anyone know if it has full disk encryption, secure boot, etc. or can it be done by the user? What about other distros like Fedora Silverblue?

Any other recommendations?

Thank you :)

you are viewing a single comment's thread
view the rest of the comments
[-] hottari@lemmy.ml 13 points 1 year ago

Seems to me like you already have a secure setup. You just need to keep it secure. I personally can't imagine downgrading from using Arch to an inflexible immutable distro.

[-] throwawayish@lemmy.ml 9 points 1 year ago

an inflexible immutable distro

Besides the somewhat unfortunate and false 'immutable' name, what makes them inflexible according to you?

[-] hottari@lemmy.ml -1 points 1 year ago* (last edited 1 year ago)

Can't install a new system package for most immutable distros without going through some magic incantation, then doing a reboot as an example.

Everything immutable is designed to be inflexible for the user. Am not saying that it's a bad thing if that's what you clearly want.

[-] throwawayish@lemmy.ml 11 points 1 year ago

First of all, thank you for replying 💙 !

Can’t install a new system package for most immutable distros without going through some magic incantation

blendOS: Replace sudo pacman -Syu with system install

Fedora's 'immutable' distros: Replace sudo dnf install with rpm-ostree install

openSUSE's 'immutable' distros: Replace sudo zypper install with sudo transactional-update pkg install

While Guix and NixOS offer somewhat similar functionality with their guix install and nix-env -iA commands respectively, usage of said comments are rarely done by advanced users as other means to install packages are more sophisticated. And in terms of how sophisticated installing a mere package can get, one might argue that Guix and NixOS are to 'immutable' distros what Gentoo is to mutable distros.

And with that we just went over the 'immutable' distros that are prevalent in 95% of the discourse (besides Vanilla OS; but that one's in a major overhaul) and none of the commands found above strike me as particularly hard. Though, of course, your mileage may vary.

then doing a reboot

I'll just briefly mention that --apply-live exist for Fedora's immutable distros if you like living on the edge. Furthermore, both Guix and NixOS don't require a reboot in most cases. Finally, while the soft-reboot feature from systemd benefits all distros, one can't deny how impactful it is to 'immutable' distros in particular.

load more comments (6 replies)
load more comments (6 replies)
load more comments (6 replies)
this post was submitted on 31 Aug 2023
85 points (95.7% liked)

Linux

48335 readers
1309 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS