Secureblue: Is This the Most Secure Linux Distro?

Yes, but my problem is when “experts” begin attacking FOSS, decentralization, and software freedom in general and act like we must all abandon our ideologies and support big tech companies or else we’ll inevitably get hacked, or, even worse, exaggerating the insecurity of anything. It gets annoying being told that the Google Pixel phone for example is the “only way” or F-Droid being a “security nightmare” for simply allowing third-party repos (in that case, Obtainium would be security hell). Especially when some users make Madaidan look like Richard Stallman.

I care about security but I don’t need to abandon my “ideologies”, support companies I hate, or change my setup to an unusable one like GNOME (unusable for me at least).


From my perspective this is all coming out of left field and frankly I’m not sure what in this thread you’re responding to. secureblue is a FOSS project… GrapheneOS is a FOSS project…

Google Pixel

It’s the only phone that meets the reasonable security requirements of GrapheneOS. That doesn’t mean you have to use it.

F-Droid being a “security nightmare”

F-Droid is a less secure option than alternatives. That doesn’t mean you can’t use it.

I care about security but I don’t need to abandon my “ideologies”, support companies I hate, or change my setup to an unusable one like GNOME (unusable for me at least).

Option A could be nonfree but architecturally more secure than Option B, a FOSS but less secure alternative. The facts of the matter aren’t an attack on your preferences or ideology. How you incorporate information into your decision making is up to you.


Yeah, ultimately if you think that enterprise security solves the same needs that the average user needs solved, then we just won’t be aligned on that point. Somewhat relates to https://www.kicksecure.com/wiki/Miscellaneous_Threats_to_User_Freedom#Freedom_vs_Tyrant_Security

People can’t help but bring GrapheneOS into every topic and it’s usually best to not engage :eyes:


Yeah, ultimately if you think that enterprise security solves the same needs that the average user needs solved, then we just won’t be aligned on that point.

It isn’t something that I think. It’s the reality of how these systems work. It’s the same potential vectors, and often literally the same components (like with the Linux kernel). It boils down to whether users have something worth protecting in the same way that enterprises do. Like I said, I think they do.

I encourage high quality open courses like https://youtu.be/GqmQg-cszw4

General Threats to User Freedom

To me this is about as out of left field as the other post :sweat_smile:

Nothing I said has anything to do with restricting user freedom, at all. Enterprise security guidance largely doesn’t conflict with FOSS values, and in particular the guidance I’m referring to. I’m not advocating whatsoever for this so-called “tyrant security”… The objective for secureblue is precisely the opposite in the sense that the goal is to give people who do want to use a FOSS system on their desktop a relatively secure option to do so. So, I don’t see the relevance here at all.

People can’t help but bring GrapheneOS into every topic and it’s usually best to not engage :eyes:

Understood, thanks


That’s the point I was saying, so yeah?

What’s funny enough is I’ve been studying cyber security and already ran through this course. Glad to see it’s SecureBlue(ish) recommended!


So what’s the next best (or least worst) thing? A Samsung that doesn’t even support bootloader relocking? A Fairphone that’s notoriously insecure but happens to support CalyxOS?

Less secure than Obtainium and the Aurora Store?

I’m convinced GrapheneOS is a necessary lesser evil for now.

I agree with this. At least Secureblue’s security hardening doesn’t conflict with FOSS values unlike Apple and Microsoft security.

Off-topic

Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum

An iPhone is the next best choice for a private and secure smartphone. Most Android devices have atrocious security and so do most aftermarket operating systems. If you need a fallback device for apps banning using anything other than iOS or Google Mobile Services Android, then your best choice is iOS.

I would think Samsung would take bronze.

If you look at the order of app stores on this PG section, F-Droid would be the least

I’ll practice more self control from now on :+1:, but people also can’t help but constantly ask for “best private and secure Linux” lol :man_shrugging:

Yes and it shouldn’t be.

Here is perhaps a better and more relevant analogy than a doctor, and one I know something about: functional safety engineering.

In order for machines to be useful they must do work and work inherently creates hazards, so the goal of industrial safety is to get machinery to a point of “acceptable risk.” We explicitly reject utopian visions of a world without risk, but we also reject visions of safety that go against predictable human behavior. In doing risk assessment, you account for the inherent risk, but you also account for exceptional situations (cleaning, maintenance, troubleshooting, resetting) and we account for different kinds of people (colorblind, non-English speaking, no industrial experience, passersby). In addition, you have to account for misuse: when “user shoots foot” not because he is an idiot but because his behavior was readily predictable (he made a decision of elevated risk because it made his job easier, faster, more productive, more comfortable). Once you assess risk you go through a risk reduction process where you design away hazards, guard against hazards, warn against hazards, etc. in order to reach an acceptable risk. In this process you have to be careful because designing a guard that makes work frustrating encourages misuse and motivates people to bypass, and the majority of industrial injuries happen from bypassed safeguards.

By analogy, in software, to do useful things you need to have powerful systems with sensitive information that would be dangerous to exploit. There are known categories of security hazards which you should work proactively against, preferably designing them away. For example, using a memory safe language or a hardened memory allocator to eliminate entire categories of security risk. At the same time, if users find that it makes their lives difficult, they won’t do it. Many people shut off their firewall when frustrated from troubleshooting for example.

So I have a hybrid view between @jonah and @RoyalOughtness. Getting someone from totally hazardous to pretty good is a win, even if long term you should always be pushing for better. A project like secureblue is great for that because forward-thinking users will do the legwork to figure out how to make things as good as possible and over time it will likely get easier and more user-friendly to manage as these practices get integrated into people’s habits, much like Graphene was a learning curve for a lot of people but the ecosystem benefits from that.

Having a project that is totally focused on security allows more indifferent people (say, those who release AppImages for convenience) to have some targets for best practices.

To me, it is a no-brainer that we need a project like this, and Jonah is the reason I know about it :slightly_smiling_face:


This was very insightful, thank you for sharing :grinning_face_with_smiling_eyes:.


PrivacyGuides’ Why Privacy Matters page highlights how essential information is in our lives, and I would agree this information can be just as valuable as enterprise data.

Privacy is ultimately about human information, and this is important because we know that human information confers power over human beings. If we care about our ability to be authentic, fulfilled, and free humans, we have to care about the rules that apply to information about us. So much of our modern society is structured around information . When you shop online, read the news, look something up, vote, seek directions, or really anything else, you are relying on information. If we live in an information society, our information matters, and therefore privacy matters.

That part may have been written by Jonah himself!

That does seem to be the point of secureblue, users prioritize Linux first and security second.


This is me

This is also me. There are many reasons I’m still using Windows, but this is certainly one of the many.

  1. Although it just happened to me because of a Windows update (and probably my manufacturer’s fault as well), I want the OS I’m using to be working without any issues at all. I don’t want random bugs happening. Convenience is major, although the past year of Microsoft has been tipping me into at least dual booting.
  2. Learning curve. I’m used to Windows and all of its shortcuts. This is also major to me.
  3. Compatibility. I am a user who uses many different programs. A good amount of these programs do not exist on Linux. Some do not have an equivalent at all.
  4. Gaming. No need to develop here.

Edit: This is yet another example of why I still think I will be running hardened Windows 11: Fedora is not a user friendly Linux Distro

Gaming. No need to develop here.

In the past this would have been the strongest point on the list. Nowadays it’s arguably the weakest. Thanks to Valve’s significant investment into development of Proton, gaming on Linux is way better than it was even a year or two ago. That is if you don’t play games with kernel-level anticheat, which admittedly is a lot of popular online games. https://www.protondb.com/

hardened Windows 11

A properly hardened Windows system with enterprise policies is a solid option. The main difficulty with it is rolling out the hardening correctly and avoiding low quality guides and third party scripts.


Can you please provide either closed captioning or a transcript of this video?

Apologies, the PeerTube version of the video appears to be missing the closed captions; however, the YouTube version does have closed captions and a transcript.

Can you suggest any guide? I’m interested in your opinion.

Been testing Secureblue with Sway on a VM just for simple web browsing and streaming and I kinda like it. Will try and install it on my laptop.
