Are you referring to Qubes OS? If so, what do you mean exactly with hardware support?
Are you referring to Qubes OS? If so, what do you mean exactly with hardware support?
IIRC, it stops working whenever you disable JavaScript.
I think we’ve probably already spoken on the matter.
That’s definitely possible. Unfortunately, I don’t recall it 😅.
Indeed, Lemmy has a serious dearth of users interested and using secure distros over the averages.
It’s definitely better at this than the platform that starts with an “R” and rhymes with “shit”.
Thanks for your efforts; I do not know how to follow users on Lemmy but if I did I’d follow you. Do you have a blog/any other forum you’re more active on?
That’s such a compliment. This is definitely one of the nicest things I’ve read on Lemmy. I really appreciate it.
Unfortunately, I’m only somewhat active on Lemmy. FWIW, consider checking out the following places if you haven’t yet:
And, of course, Qubes OS’ forums.
Personally, I find it difficult to justify the time to learn Secureblue (especially the immutable part) or NixOS on Qubes because custom DispVMs with curated salt states work so well already. I’m interested in use-cases that will improve my security but I haven’t found any dialogue on this yet. If you do have opinions on this and know where I can look, I would greatly appreciate it!
As I’ve previously alluded to, I don’t have any hands-on experience with Qubes OS yet. So, I don’t think I can contribute meaningfully in this discussion. However, IIRC, there are some discussions found on the forums/discussions page for Qubes OS.
Aight. I’m glad to hear that that has been resolved. I’d love to hear about your experiences on secureblue, so consider to report back. Finally, note that as a hardened distro, some things might work differently from what you’d expect. So be prepared to relearn a thing or two 😉.
Whonix is an OS exclusively meant to be used within a VM; at least, until Whonix-Host is released. Therefore, I didn’t include it as it’s not actually competing within the same space; as it can be run on any of the aforementioned systems within a VM. Finally, it’s worth noting that by its own documentation, it’s desirable to do so with Qubes OS.
Please allow me to link to an earlier comment of mine that goes over this in more length. You may also find it copied-and-pasted down below:
First of all, apologies for delaying this answer.
Disclaimer:
Qubes OS >> secureblue >~ Kicksecure
Context: Answering this question puts me in a genuinely conflicted position 😅. I have immense respect for the Kicksecure project, its maintainers and/or developers. Their contributions have been invaluable, inspiring many others to pursue similar goals. Unsurprisingly, some of their work is also found in secureblue. So, to me, it feels unappreciative and/or ungrateful to criticize them beyond what I’ve already done. However, I will honor your request for the sake of providing a comprehensive and balanced perspective on the project’s current state and potential areas for improvement.
Considerations: It’s important to approach this critique with nuance. Kicksecure has been around for over a decade, and their initial decisions likely made the most sense when they started. However, the Linux ecosystem has changed dramatically over the last few years, causing some of their choices to age less gracefully. Unfortunately, like most similar projects, there’s insufficient manpower to retroactively redo some of their earlier work. Consequently, many current decisions might be made for pragmatic rather than idealistic reasons. Note that the criticisms raised below lean more towards the idealistic side. If resources allowed, I wouldn’t be surprised if the team would love to address these issues. Finally, it’s worth noting that the project has sound justifications for their decisions. It’s simply not all black and white.
With that out of the way, here’s my additional criticism along with comparisons to Qubes OS and secureblue:
What are the main advantages of using this, that make it more secure?
More secure compared to your average distro? Or more secure compared to a specific set of distros? Unless, this is properly specified, this comment could become very unwieldy 😅.
Thanks in advance for specifying!
I daily drive secureblue; or, to be more precise, its bluefin-main-userns-hardened
image.
“Why?”, you ask. Because security is my number one priority.
I dismiss other often mentioned hardened systems for the following reasons:
Nix, the package manager, is distro-agnostic. Add Home Manager on top of it and you’re good to go; both packages and dotfiles are dealt with.
Thanks for clarifying!
IMO immutable distros aren’t a best fit for a desktop computer. It can do so much more than gaming and turning it into a dedicated console is a step back if a normal linux distro can do just as well.
I would personally nuance this to: “Current iterations of ‘immutable distros’ that have evolved from traditional distros haven’t matured sufficiently yet to tackle 99.99% of the use cases ‘easily’.” The exact number on the percentage I don’t know. I believe most people that use their PCs as a glorified app launcher should be more than fine. But we start experiencing major difficulties the very moment that (a)kmods are involved; some of which are ‘supported’~ish, while others certainly aren’t.
But, I simply fail to see why a future iteration would not be able to solve related issues.
Thank you. This does give an idea.
It has been my pleasure.
Follow up question : Is Arch really that good?
Depends entirely on your needs. There is a use case for Arch. However, if you’re completely new to Linux, then it’s very likely that a ‘slower’-moving distro (like (anything based on) Debian (or Ubuntu)) might better suit you.
It’s a steering wheel driver.
Could you perhaps be more precise? Is it a specific one? Or are there a multitude of steering wheel drivers that satisfy your needs?
And virtualbox.
Do you specifically need VirtualBox? Or would Qemu/KVM satisfy your needs?
IIRC VirtualBox requires kernel mods. Therefore, you would have to create your own images 😅 in which said kernel mod is included. FWIW, both uBlue’s templates and BlueBuild do a wonderful job at streamlining this process.
Or…, as alluded before, you don’t necessarily need VirtualBox. But, instead, Qemu/KVM perfectly satisfy your needs. Then, you can just run ujust setup-virtualization
. After which you reboot, and you would be good to go.
What’s preventing you to install that single package through rpm-ostree
?
Unsurprisingly, usage numbers for distros are hard to get due to lack of telemetry and what not.
However, some measurements do exist; like data from ProtonDB. These are used by Boiling Steam for their excellent reports in which some representation regarding usage across distros can be found. Their most recent report can be found here.
Note, however, that the following, as has been excellently touched upon by Boiling Steam, applies:
COMMON MISCONCEPTIONS
Since we hear some of the following comments EVERY SINGLE TIME, let’s address them here and now:
- “Duh, it’s not representative of Linux usage in general!”: And nowhere does it claim to be. As often as possible we make it clear this is Linux usage in a gaming context. The usage of Debian and Ubuntu on servers is safe for now, no need to panic.
I’ll be back the moment Wayland works better.
You mentioned in a comment that you used Arch, Debian and EndeavourOS. Though, historically, Wayland has been adopted first on Fedora. Therefore, I wonder if underutilizing Fedora (and/or derivatives like Bazzite/Nobara) might have been the main culprit in this case.
I don’t know how old your father is or what they do on their systems. However, for elderly people, for which I just want to setup the system and forget, I tend to go with Endless OS. It’s more limited and more mature than Vanilla OS. But, if that’s exactly what you want, I’m simply unaware of anything better out there.
And yet they did so using the package manager.
So, Davinci Resolve’s .run file used for installation definitely somehow interacted with the package manager. Otherwise, the system wouldn’t break the way it did. While, technically the package manager was in use (at least at some point), the user -i.e. OP- did not intentionally invoke its use consciously. So, I wouldn’t refer to this as “using the package manager”.
They just installed a apt.source
What is an apt.source? Search engines and LLMs failed at resolving this. They did explain what apt source is or could refer to, though*. Regardless, what leads you to understand that they’ve installed an apt.source? Please be elaborate as I’m not a Debian/Ubuntu user; consider shedding light on it through the RPM world.
THAT I would say one should not do unless one really knows what they are doing.
How does one know which apt.source they should and should not install? Doesn’t this imply “expert skills” (using my understanding of your logic)? On Windows, you can install software with almost no fear; as long as the source is trusted.
If they had just installed some .appimage
Assuming they’ve installed libfuse2
. Which actually is not present in modern Ubuntu installations.
or compiled something from source they would have been fine.
So, in this case, you believe that compiling a gargantuan program like Davinci Resolve would not have caused a ton of issues related to dependencies even if it was supported on Ubuntu?
So… I’m not going to nuance your stance if it shouldn’t be nuanced.
I thought that my writing was sufficiently easy to comprehend and would not lead to any misunderstandings. Therefore, within that context, nuance was not needed. However, your engagement in the conversation implies that some actually did misunderstand it. Thus, nuance was (seemingly) needed and I only became aware of it afterwards.
It’s a bit up to you to be clear about your nuance. And in this case you’re being very ambiguous about it.
My stance is pretty simple:
So, if one can’t deal with the consequences, like how OP had to come here for help, then one should stick to the first point.
It just had its first Stable release (as Vanilla OS 2). Therefore, consider to wait it out a bit until it has been well-tested at large. Until then, please feel free to choose something else that is to your liking. Like, what is it that attracted you to this one in the first place?
Very curious. I didn’t know this. I tried verifying this, but didn’t manage to do so.
So, I got to ask; Was this just a joke? Or is there (some) truth to this claim?
The pursuit of Freedom led me to Linux.