I’m an absolute sucker for exquisitely hardened distros. Hence, distros like Qubes OS and Kicksecure have rightfully caught my interest. However, the former’s hardware requirements are too harsh on the devices I currently own. While the latter relies on backports for security updates; which I’m not a fan of. Thankfully, there is also https://github.com/secureblue/secureblue/.
Contrary to the others, secureblue is built on top of an ‘immutable’ and/or atomic base distro; namely Fedora Atomic. By which:
It’s protected against certain attacks.
Enables it to benefit from more recent advancements and developments that benefit security without foregoing robustness.
If security is your top priority, Qubes OS is the gold standard. However, secureblue is a decent (albeit inferior) alternative if you prefer current and/or ‘immutable’/atomic distros.
I’m not an expert. While I try to verify information and only accept it accordingly, I’m still human. Thus, some falsehoods may have slipped through, my memory may have failed me, and/or what’s found below could be based on outdated data.
Additionally, I should note that I’m a huge nerd when it comes to ‘immutable’ distros. As a result, I’m very much biased towards secureblue, even if Kicksecure were to address all of their ‘issues’.
Furthermore, for the sake of brevity, I’ve chosen to stick closely to the OOTB experience. At times, I may have diverged with Qubes OS, but Qubes OS is so far ahead of the others that it’s in a league of its own.
Finally, it’s important to mention that -ultimately- these three systems are Linux’ finest when it comes to security. In a sense, they’re all winners, each with its use cases based on hardware specifications, threat models, and priorities. However, if forced to rank them, I would order them as:
Qubes OS >> secureblue >~ Kicksecure
Context: Answering this question puts me in a genuinely conflicted position 😅. I have immense respect for the Kicksecure project, its maintainers and/or developers. Their contributions have been invaluable, inspiring many others to pursue similar goals. Unsurprisingly, some of their work is also found in secureblue. So, to me, it feels unappreciative and/or ungrateful to criticize them beyond what I’ve already done. However, I will honor your request for the sake of providing a comprehensive and balanced perspective on the project’s current state and potential areas for improvement.
Considerations: It’s important to approach this critique with nuance. Kicksecure has been around for over a decade, and their initial decisions likely made the most sense when they started. However, the Linux ecosystem has changed dramatically over the last few years, causing some of their choices to age less gracefully. Unfortunately, like most similar projects, there’s insufficient manpower to retroactively redo some of their earlier work. Consequently, many current decisions might be made for pragmatic rather than idealistic reasons. Note that the criticisms raised below lean more towards the idealistic side. If resources allowed, I wouldn’t be surprised if the team would love to address these issues. Finally, it’s worth noting that the project has sound justifications for their decisions. It’s simply not all black and white.
With that out of the way, here’s my additional criticism along with comparisons to Qubes OS and secureblue:
Late adoption of beneficial security technologies: Being tied to Debian, while sensible in 2012, now presents a major handicap. Kicksecure is often late to adopt new technologies beneficial for security, such as PipeWire and Wayland. While well-tested products are preferred for security-sensitive systems, PulseAudio and X11 have significant exploits that are absent from PipeWire and Wayland by design. In this case, preferring the known threat over the unproven one is questionable.
Qubes OS: Its superior security model makes direct comparisons difficult. However, FWIW, Qubes OS defaults for its VMs to Debian and Fedora. The latter of which is known to push new technologies and adopt them first.
secureblue: Based on Fedora Atomic, therefore it also receives these new technologies first.
Lack of progress towards a stateless^[1]^ system: Stateless systems improve security by reducing the attack surface and making the system more predictable and easier to verify. They minimize persistent changes, impeding malware’s ability to maintain a foothold and simplifying system recovery after potential compromises. While this is still relatively unexplored territory, NixOS’s impermanence module is a prominent example.
Qubes OS: There’s a community-driven step-by-step guide for achieving this.
secureblue: Based on Fedora Atomic, which has prioritized combating state since its inception^[2]^. Its immutable design inherently constrains state compared to traditional distros, with ongoing development promising further improvements.
Deprecation of hardened_malloc: This security feature, found in GrapheneOS, was long championed by Kicksecure for Linux on desktop. However, they’ve recently chosen to deprecate it.
Qubes OS: Supports VMs with hardened_malloc enabled OOTB, for which Kicksecure used to be a great candidate.
secureblue: Continues to support hardened_malloc and has innovatively extended its use to flatpaks.
This paper provides a comprehensive (albeit slightly outdated) exposition on the matter. Note that it covers more than just this topic, so focus on the relevant parts.
Colin Walters, a key figure behind Fedora CoreOS and Fedora Atomic, has written an excellent blog post discussing ‘state’.
Thank you. Stateless is a good idea, and I would personally like to see faster security updates on Debian (and by extension KickSecure). I haven’t been following them lately so I do not know their reasons for deprecating hardened malloc, I assume there’s an explanation for it.
I ran Qubes for a while, really enjoyed the way it integrated windows so I could use MS Office (mandatory job requirement) as apps rather than a VM as I normally do. I realise you can do something similar with Winapps for Linux but to have it baked in was rather nice.
Interesting. Thank you for sharing your experiences! Would you be so kind to elaborate on that experience? Did you like it? Are you still using it? Why or why not? Pros and Cons? Thank you in advance!
I’m playing it via an emulator and it’s working nicely. I didn’t realise there was a mobile port. Though I can see how it would work well for the touchscreen pretty easily.
A lot of deep genres are impossible to port to work with a controller. Sadly, this nowadays means that a lot of those games don’t see a lot of good entries.
Geez I can’t believe a major group was nuked just like that. I never noticed anything about it being unmoderated but thank you for providing the explanation.
Geez even with decentralization we still have people making bone headed decisions. What is the best/strongest politics group that is not lemmy.ml nor lemmy.world?
Beehaw has a fairly active politics comm, their moderation is more on the strict side but it’s “hey be nice and dont use slurs” kind of strict and not “how dare you say Russia is bad, banned” kind of strict. Id recommend them. Otherwise it’s .world.
There are so many politics communities, but before you mentioned this I didn’t realize how concentrated they are on .ml and .world. These look like the most-subscribed USA and World politics communities that aren’t on .ml or .world:
[Edit: Though I listed them here, the hexbear and beehaw communities are not accessible to large swaths of the Lemmy user base due to instance defederations.]
I’ve heard bad things about hexbear and beehaw. But I looked at these other two.
!politics – unfortunately too many dumb restrictions.
Rule: Title must match the article headline <-- definitely a deal killer because often journalists use dumb headlines or leave the most important things out of the headline.
Rule Recent (Past 30 Days) <-- also a deal killer. Relevant is more important the recent. They are not the same things. “Recent” is only an imperfect proxy for “relevant”.
Rule: Be respectful and civil. No racism/bigotry/hateful speech. <-- perfect
I would also welcome suggestions for “news” groups outside of lemmy.world and lemmy.ml. [email protected] is okay so far but I’m always looking for possible alternatives.
It doesn’t matter where your account is. If someone kills your account you can quickly switch to another lemmy instance and resub to all your communities.
It’s too big. And it has dumb restrictions like no video content. But also, I had a very popular posting just completely nuked by the mod of [email protected] and the entire advanced discussion was suddenly lost, forcing me to recreate the discussion on [email protected]. Ever since I’ve been posting content to lemmy.ml instead of lemmy.world. Mainly important things missing from [email protected] or that they took down.
But aside from all that, we absolutely need redundancy on lemmy for major stuff like news and politics. Mods will abuse their power because they all want to “control the experience” instead of just do the basics. I’ve also had content nuked for no reason on [email protected] also and as a result I mostly use [email protected] instead although I’m open for alternate news site suggestions too.
!Pleasantpolitics might interest you. It’s an experimental community that employs a really interesting bot that scans users all across the lemmyverse, and prevents the most toxic people from participating. It seems to work fairly well, so far.
We need… something like a “transfer, merge, fork, split” for communities.
For example, if these guys are just going to nuke that content, another instance should have the opportunity to either fork it, or merge it with another community. Its mostly the same stuff as would have been in c/Politics here.
And what it does now, is it puts even more editorial power in the hands of fewer people (ones that ml probably) don’t vibe with.
We need… something like a “transfer, merge, fork, split” for communities.
People can do it currently. I’ve done it a few times, for all for cases. You just make an announcement on the community, or on !newcommunities if you are splitting from a power tripping mod.
Yeah idk. This was a criticism that I brought up of the fundamentals in lemmys structure early on: it selects for, effectively, clones of “whole reddits”, when it should be set up to support more balkanized instances.
Basically, lemmy.ml’s c/Politics is functionally redundant to .worlds c/politics; but thats by design.
What I think would be better would be adding tagging and taking federation a step further. Every post needs a ‘tag’; we steal that part from mastadon. It can have many, but it needs at least one, say #politics in this example.
Then, on instances, federation happens both at the instance level but also at the community level; communities can federate with other communtiies. But all posts get #tagged on the way in the door. Communtiies can then federate or defederate at will, and if neccessary, a community can “branch”; for example, maybe they want to split off US politics from politics; then you grab all the posts with the #US.
As far as an abuse vector. Thats just hang wringing. IF your mods are that abusive for a large sub, you’ve got way bigger issues. Which, if it did ever happen, is something that “forking” would solve. Mod on a power trip? No problem. Fork the community.
What I think would be better would be adding tagging and taking federation a step further. Every post needs a ‘tag’; we steal that part from mastadon. It can have many, but it needs at least one, say #politics in this example.
Tags also bring issues from a moderation perspective. Who can decide who can use tags to label which type content? Seems another way to have everyone spamming trending tags on all type of contents without control. I think tags work better on a microblog format than community format, where you can potentially reach out everyone following that community/tag much easily than crossposting each time.
As far as an abuse vector. Thats just hang wringing. IF your mods are that abusive for a large sub, you’ve got way bigger issues. Which, if it did ever happen, is something that “forking” would solve. Mod on a power trip? No problem. Fork the community.
I was more thinking about people wanting to ruin things by importing huge communities to small instances, consuming their space and resources, and making it confusing to people to know which one is the “legit” community.
And if you limit this feature to admins, then requesting communities is already possible from admins on most of the instances, so that covers the transfer. Fork/split (what is the difference, btw), as I said, can be done manually now.
Importing a community is the one use case remaining, but I see why it’s not a priority for the Lemmy devs, there is bigger fish to fry at the moment (multicommunities for instance)
Any game released for a past console generation whose PC version still just works on modern systems. I like my classic console collection but I’m not jumping through hoops to connect an old console to a modern display. I just play the PC version or possibly even emulate. Yeah, Windows can be a chore at times but Steam Deck brought 90% of console convenience to PC games.
The ability to ignore votes from other instances using an allow list. The ability to ignore votes in communities from unsubscribed accounts.
I see that your not talking about a Lemmy instance but a ui of a Lemmy instance. I think the biggest improvement from a UI perspective is button placement and confirmation messages for actions.
For instance, separate the delete post button from the edit post button and have a confirmation message for deleting a post so mistaken button presses aren’t permanently unrecoverable.
But the buttons being too close is still annoying. That’s only one example of buttons being too close too. A moderator can ban someone from a community and accidentally appoint that someone as a moderator. And confirmation messages for uncommon actions is just good UX too.
I think there’s also a weird and inconsistent mix of buttons shown by default and hidden under a dropdown menu. There are many added clicks to do a lot of things for no gain.
I think there’s also a weird and inconsistent mix of buttons shown by default and hidden under a dropdown menu. There are many added clicks to do a lot of things for no gain.
Binding keys to talk shit in chat on TFC. Hitting k and having “Pullllll” drop into chat after bouncing someone in the air with a rocket and finishing them with a shotgun blast was peak gaming.
kbin.life
Active