What is your desktop OS?

AelwennBZH

Android laptops are expected to come out in 2026, with a Qualcomm chip. That seems short given the current state of Android Desktop. And some Qualcomm chips are apparently not compatible with the Linux terminal on Android.

Eirikr70

AelwennBZH However, my target will be to use my phone with a lapdock, and I have time. I just don't want to renew my laptop.
Et vive la Bretagne !

AelwennBZH

Eirikr70

Yes, but if Google (and other partners) officially release an Android laptop, it means they consider desktop mode to be almost ready for production. And that seems unrealistic to me today...
I have time too, but a failed first release could have negative consequences for the future.
Vive la Bretagne 😎

Eirikr70

AelwennBZH Qui vivra verra (mon breton est très balbutiant donc je vais me limiter à la langue du petit pays coincé entre la Bretagne et la Belgique).

Byteang3l

An extremely debloated windows with simplewall firewall, BitDefender, and a good VPN. It's really only for gaming, I would never trust any version of windows for anything sensitive, that's what GrapheneOS is for in my use case.

Eirikr70

Byteang3l Be aware that Steam has developed components that permit playing on Linux for the majority of the games. That's what I do.

Byteang3l

Eirikr70 yeah, I gave them a try and I was really only able to get BeamNG Drive and indie games working. Anything AAA with a launcher got stuck on the launching executable stage, although since it's Linux I'm willing to accept I didn't configure something right, but I spend most of my day dealing with tedium at work and when I get home I just want things to be easy and enjoyable. And to be honest, debloated windows with a deny by default firewall was a self compromise between my privacy ideals and just wanting things to work lol.

Alvyn

23Sha-ger but this is again security compromise. You can run mac without apple id, but you cannot install apps from the appstore which has best sandbox. You can install apps from web or homebrew but this has less security.
To have max security on Mac = apps only from app store.

Alvyn

I would not recommend Secure Blue as production OS. It is still alpha development. There could be bugs and its not user friendly at all. Just my experience.

r134a

Alvyn I'm not an expert whatsoever, but i'm a hobbyist selfhoster. I selfhost different services from a server in my basement with proxmox as a hypervisor. In the past i choose to deploy some services with docker on lxc's on proxmox because of the low resource usage (hence lower electricity costs). However a while ago i learned that lxc's with docker running especially, aren't that isolated from the host.

Since, i migrated all services deployed with docker on lxc's, to a secureblue vm and switching them from docker to podman rootless. Again i'm not an expert whatsoever, but i believe i greatly improved security by riding of the implementations done to secureblue by people more knowledgable then me, aswell as switching from docker to podman rootless. I have this setup now for +- a year, and till now it has been rock solid stable...

TrustExecutor

r134a Interesting. You mean Securecore right? Secureblue hardened Fedora CoreOS.

Linux

p-marg Linux

https://secureblue.dev/articles/flatpak

https://github.com/secureblue/secureblue/issues/193#issuecomment-1953323680

https://secureblue.dev/faq#appimage

This commend is nice, but I would prefer to go through the permissions and filter manually.
I hope some distro implements a feature that auto opens Flatseal on every app installation and forces permission checking before first run.

n3t_admin Flatpak is not a real sandbox as in not being enforced by the underlying OS (which is a must for a real sandbox, otherwise apps can escape the sandbox by just being configured that way - which they do).

Do you still refer to permissions that allow sandbox escaping?
Other platforms like Android also allows apps to request extremely powerful permissions like accessibility service, adb access or even device admin.
The main problem is that Flatpack permission are opt out and not opt in.
Yes, this has to change in the future, but for now we first need to establish Flatpack as a packaging format.

n3t_admin

Linux The main problem is that Flatpack permission are opt out

Yes, that's why I wrote that it isn't a real sandbox in my comment above. A sandbox that is opt-in is not a sandbox. Apps that won't abuse permissions don't need a sandbox anyway, from a malware point of few.

p-marg

Linux Secureblue allows Flatpak permissions to be set as opt-in instead of the default opt-out behavior, I agree, it should be opt-in by default.

Linux

n3t_admin Yes, that's why I wrote that it isn't a real sandbox in my comment above. A sandbox that is opt-in is not a sandbox. Apps that won't abuse permissions don't need a sandbox anyway, from a malware point of few.

On the technical level it has everything that a sandbox needs, the problem is the implementation.
And if an app requests invasive permissions it will not get installed by most people because Flathub flags this as unsafe and probably also attracts suspicion from people who then will examine it.

r134a

TrustExecutor No, i actually went with a secureblue vm as was not really familiar with coreos yet. However i might migrate again from a secureblue vm to securecore vm when time permits, as securecore seems indeed more minimal / less attack surface? with only one specific purpose in mind, containerized workloads.

TrustExecutor

r134a
Ah.there is a lot of moving parts in a desktop OS though. If you are linux literate you can always try an Alpine VM with hardened_malloc as it is in the Alpine community repos. And then lock it down with apparmor profiles and other hardening.

simplenot

Fedora KDE

gta3

Ubuntu linux

Hathaway_Noa

Dual boot:

Windows (veracrypt)

Ubuntu Linux (LUKS)

Phone: GrapheneOS

« Previous Page Next Page »