- Not all distros ship SELinux and the ones that do, don’t actually configure it securely.
- New users are expected to keep copying and pasting commands from their browsers to their terminal which compromises some Linux security defenses.
- KDE, GNOME and Sway are the only functional Desktop Environments/Window Managers that support Wayland all, while the Other DEs are not even close to shipping with Wayland.
- Most if not all of the Linux Distros in 2025 ship with Grub bootloader, which suffers from a lot of problems, instead of using the bootloaders that does not support BIOS and will improve the reliability of booting and provide a more stable experience.

- Most users don’t need SELinux and aren’t expecting anything more than firewalld. Those that do have the option to enable and configure it.
- New users are expected to keep using their distribution’s app store (Discover for KDE, Software for GNOME), not randomly run code in their terminal that they don’t understand.
- That’s quite a lot more choice than other OSes offer.
- What problems would that be? Grub works just fine for me.
The default GRUB setup basically provides no security, even with UEFI secure boot enabled. On my default Debian install I can just edit the Kernel command line and get root without any password required. But beyond that, check out design goal 2 in this article https://0pointer.net/blog/fitting-everything-together.html
Honestly I simply found the statement to give very little to discuss.
Regarding editing the Kernel command line; that would require that you already have access to your Debian install and have the rights to edit the Kernel command line.

Regarding your link in general I find myself at odds with development practices that remove my own agency. I can see how for many end-users it’s good, just like how most car owners shouldn’t try to fix their car troubles themselves, but I would start looking for another OS if it starts pulling auto-updating à la Windows.
No. You can edit the Kernel command line directly from GRUB before booting into anything else. That is the default behavior (with Debian).
Yes, it is more aimed towards “casual” users that want something that just works. But auto-updating policy is not really the point of the blog. Every distro is deciding that by themselves and will always be able to.
Why would I care about someone having physical access and able to modify grub even? Full disk encryption blocks any actual access to the data on the machine and if they already have physical access they can put a nail in the HDD. Point being they aren’t accessing the data. Not sure what more you’d want.
The attack is known as the evil maid attack. It requires repeated access to the device. Basically if you can compromise the bootloader you can inject a keylogger to sniff out the encryption key the next time someone unlocks the device. This is what secure boot is meant to help protect against (though I believe that has also been compromised as well).
But realistically very few people need to worry about that type of attack. Encryption is good enough for most people. And if you don’t have your system encrypted then it does not matter what bootloader you use as anyone can boot any live usb to read your data.
Could be an idea to make it easier to set a grub password during distro installation, that I can agree on.
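
An added example, not part of the thread: a shell check for whether a GRUB configuration carries the menu-editing protection discussed above (a `superusers` list plus a hashed password). The function names and sample configs are constructed for illustration; on Debian the generated file to check is `/boot/grub/grub.cfg`.

```shell
#!/bin/sh
# Added example: audit a grub.cfg for password protection of the boot menu.
# Simplification: it does not check that the password record belongs to a listed superuser.

# Prints: unprotected | incomplete | plaintext | protected
grub_cfg_status() {
    cfg="$1"
    # Without "set superusers=...", anyone at the menu can edit the kernel command line.
    if ! grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$cfg"; then
        echo unprotected
    # Hashed record as produced by grub-mkpasswd-pbkdf2.
    elif grep -Eq '^[[:space:]]*password_pbkdf2[[:space:]]+[^[:space:]]+[[:space:]]+grub\.pbkdf2\.' "$cfg"; then
        echo protected
    # Cleartext "password <user> <secret>": works, but the secret is readable in the file.
    elif grep -Eq '^[[:space:]]*password[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]+' "$cfg"; then
        echo plaintext
    else
        echo incomplete   # superusers set, but no password record to authenticate against
    fi
}

# Counts entries that still boot without a password (editing them stays restricted).
grub_unrestricted_count() {
    grep -Ec '^[[:space:]]*menuentry[[:space:]].*--unrestricted' "$1" || true
}

# Constructed sample config; $1 = none | plain | pbkdf2. Hash value is a placeholder.
make_sample() {
    case "$1" in
        plain)  printf 'set superusers="admin"\npassword admin example-secret\n' ;;
        pbkdf2) printf 'set superusers="admin"\npassword_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER\n' ;;
    esac
    printf 'menuentry "Debian GNU/Linux" --class debian --unrestricted {\n\tlinux /vmlinuz root=/dev/sda1 ro quiet\n}\n'
}

tmp=$(mktemp)
for mode in none plain pbkdf2; do
    make_sample "$mode" > "$tmp"
    echo "$mode: $(grub_cfg_status "$tmp"), unrestricted entries: $(grub_unrestricted_count "$tmp")"
done
rm -f "$tmp"
```
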
LUKS, libreboot and your grub concern is addressed
Mmmmmmm FUDD
Worst of all, root access is often granted to humans — a species known to be vulnerable to the most idiotic phishing scams you could imagine.
How is limited Wayland support a security issue?
They might be referring to the fact that X11 allows things like user input snooping and screen scraping between processes. It’s a legitimate problem, and I think Wayland aims to address at least part of it…
…but it’s impossible to tell what the author understands of issues like this, since their list of complaints is scattered, shallow, and poorly articulated. I think they would do better to open a discussion and start learning from it, rather than making a broad critical declaration to everyone here without supporting it.
I will agree with you that Desktop Linux leaves a lot to be desired from a security perspective. But, I’m not sure if these are its biggest problems.
> Not all distros ship SELinux and the ones that do, don’t actually configure it securely.
Is SELinux employed on Desktop Linux the very same way we find on Android? Unfortunately, no. So, there’s definitely a ton of mileage to be had here. But, there’s literally nothing that stops you from making a fortress out of it. So, the ones that are intimately familiar with SELinux will leverage it to perfectly suit their needs. Which, is the only truly sensible way one should use SELinux to lock their system. Being dictated by the defaults set by the distro is only a counterproductive exercise of comparing/contrasting threat models.
> New users are expected to keep copying and pasting commands from their browsers to their terminal which compromises some Linux security defenses.
They’re absolutely not expected to do so. What makes you even think that’s the case?
> KDE, GNOME and Sway are the only functional Desktop Environments/Window Managers that support Wayland all, while the Other DEs are not even close to shipping with Wayland.
This is your best point. I agree that other DEs should haste in supporting Wayland. Though, at least I find solace in GNOME and KDE Plasma being the most used DEs/WMs to begin with. Hence, even if only those two would support Wayland, we would still have allowed over half of Linux’ users to choose Wayland.
> Most if not all of the Linux Distros in 2025 ship with Grub bootloader, which suffers from a lot of problems, instead of using the bootloaders that does not support BIOS and will improve the reliability of booting and provide a more stable experience.
Sorry, I’m not familiar with this problem/issue. Would you please be so kind to explain why I (or anyone else, for that matter) should worry about this? Like, what “problems” are we talking about? How is (allegedly) GRUB not reliable or stable compared to the others?
Btw, just curious, what are your thoughts on secureblue?
> KDE, GNOME and Sway are the only functional Desktop Environments/Window Managers that support Wayland all, while the Other DEs are not even close to shipping with Wayland.
What