deleted by creator

These are very subjective arguments, and even the objective points are completely subjective depending on your distro.

I mean one of his arguments is that C++ is just inherently insecure. He just takes Microsoft’s claims at face-value that all their pointless shit is the magical security wall that it claims to be. He buys into the same lie that ACE on a Windows, Mac or Android is somehow much much safer than on Linux. Most of his claims that other OSes are more secure are rooted in “well yeah they do exactly the same but at least they knooow they do”.

I’m not even acknowledging ChromeOS - it is Linux, except it only runs a browser.

99% of this stuff also applies to Windows/MacOS/Android/iOS, except moreso and far more universally. And 90% of this stuff is only relevant if you’re being targeted by some state-funded intelligence like the CIA (cold reading your RAM?? minimum 16-character password?? Keystroke fingerprinting???)

So whatever, I think the hardening guide looks fairly accurate, but unless you’re being spied on by world powers, I wouldn’t consider it worth peoples’ time to read, never mind implement. 90% of people are still going to be more secure by cluelessly using Linux instead of cluelessly using the others.

I’ve had a hot take for a while now that Linux isn’t “more secure” than other operating systems like a lot of evangelists will claim. I think people get this impression because the user base for desktop Linux has been small enough that no one was writing malware targeted at us.

Unix’s security model was developed in a world where the primary concern was protecting the system from users and protecting users from each other. It wasn’t really designed for single-user systems where the main concern is protecting the user from their own applications.

I highly value Madaidan’s input on the matter and also their work on projects such as Kicksecure and Whonix. Furthermore, it’s clear that Desktop Linux hasn’t been able to combat all the pain points that were mentioned in the article. However, we’ve definitely come a long way since and there’s lot to be optimistic about; secureblue to name a thriving project.

But, while I appreciate how the article continues to draw awareness to the fact that Desktop Linux isn’t as secure as some like to think, the write-up is ultimately bound to be (severely) outdated at some point. And, perhaps, we might already be past the point in which it does more harm than good…

Anyhow, I’d like to take this opportunity to promote a platform that actually continues to deliver up-to-date articles about security on Linux: https://privsec.dev/posts/linux/

As someone who did use this guide as an exercise in making my setup as secure as it could be without changing distros or hampering productivity, a few words of advice:

• Make a threat model for yourself before diving in and apply the mitigations judiciously. It’s not exactly a checklist, just use something secureblue or Qubes if you are really paranoid about your computer.
• The majority of the mitigations ‘just work’ and have no noticeable impact on performance, battery life, or compatibility.
• If your CPU/Memory performance widget breaks, dial back on the ptrace options
• If Flatpaks fail to launch, dial back on the namespace options
• Check back every so often because some of the options end up having unwanted side-effects with updates. See the preamble in boot parameters, where a change in Linux made in 2021 (which finally made it into Debian Stable this year) made the slub_debug mitigation actually worsen security.

OpenBSD?

And that is why all traffic facing servers are running windows and macos.