
subscribed parent
That's certainly an interesting standpoint.

I use both privately and professionally, and while I accept that security-wise (even with SELinux) they feel lacking, feature-wise they far exceed Windows, which I use as my other OS, except in gaming experience.

I wish I had something like GrapheneOS on desktops (yes I know about Qubes)


sedatk
> feature-wise they far exceed Windows

I tried Ubuntu last year, and it felt very limited compared to Windows. It lacked very basic features like face/fingerprint login, hybrid sleep, factory reset, live FDE (or post-installation FDE), fast fractional HiDPI, two-finger right-click, "sudo" on dock etc.

mathverse
There is https://grsecurity.net/ but it's not free. It's developed by people with much more experience defending against attackers than all of the other projects combined.
BenjiWiebe
Looks like grsecurity has a different view of ethics than I do.

Just searching grsecurity on HN turns up some interesting stuff.

bee_rider
Who are they?
lima
Chromium OS gets very close, they also have fully-functional VM-based isolation for Linux applications with GPU acceleration.

Unfortunately, there's no popular non-Google distro of it.

londons_explore
The fact that Chromium OS has been teetering on the edge of deprecation/merging with Android/Fuchsia for a decade I think has deterred people from building stuff on top of it.

It also seems to have a lot of new code every year for very few new features. It's as if they get every new intern to rewrite a bit of the innards, and then next summer another intern rewrites it again.

OTOH, it was used for multiple container-optimized distros by now:

First CoreOS, which forked into Flatcar Linux (now funded by Microsoft) and Fedora CoreOS (rewrite from Gentoo/ChromeOS base to Fedora base), and Google's Container-Optimized System (used heavily in Google Kubernetes Engine).

surajrmal
A lot of code to do very little user-visible changes is the nature of operating systems. Making light of the people who work on ChromeOS just makes you sound ignorant.
IlikeKitties
> I wish I had something like GrapheneOS on desktops (yes I know about Qubes)

SecureBlue and Kicksecure are the closest equivalents.

arbll
Don't know much about SecureBlue but Kicksecure isn't comparable to Qubes at all. It's a hardened distro, not a way to isolate workloads through virtualisation. Depending on what you're trying to achieve they can both fit but they are fundamentally very different in their approach to security.
IlikeKitties
> I swear to god reading comprehension is approaching zero due to chatgpt.

> I wish I had something like GrapheneOS on desktops

Secureblue is essentially as close to GrapheneOS as Desktop Linux can get. Neither my response nor the original question required qubes comparisons. It was merely mentioned.

3abiton
What's their selling point compared to Qubes?
IlikeKitties
fsflover
Qubes isn't mentioned on these pages.
IlikeKitties (dead)
mathverse
No, the closest alternative is https://grsecurity.net/
IlikeKitties
Factually wrong from that very site

> grsecurity® is the only drop-in Linux kernel replacement offering high-performance, state-of-the-art exploit prevention against both known and unknown threats.

While secureblue is a full desktop distro (not just a kernel) that integrates key grapheneos hardening tools like their hardened malloc and forks of their hardened chromium and works with flatpak as a base for hardened application deployment.

grsecurity does literally none of that.

mathverse
Yes, grsecurity offers actual hardening instead of touting snakeoil.
IlikeKitties
You are literally saying that hardening the kernel is the same as having the desktop environment hardened and a basis for app isolation. And to add a cherry on top of that both secureblue and kicksecure use almost all the same hardening additions to the linux kernel as grsecurity.

You do not understand what you are talking about because if you did you'd be embarrassed for how braindead your response is.

mathverse
Name the additions.
udev4096
Qubes is definitely hard to daily drive. With its ancient default XFCE design, it looks really ugly. Plus no hardware acceleration.
fsflover
What's hard about it exactly? It's my daily driver. You can install KDE, too: https://forum.qubes-os.org/t/kde-changing-the-way-you-use-qu...
throawayonthe
same! qubes is probably the actual solution for now, but i've seen some grapheneos people work on https://secureblue.dev/ and that seems a lot more "normal"
udev4096
I have been meaning to try out secureblue and hopefully even run it on production VMs in proxmox. Is it stable yet?
