User:Pursuable1652
Hello, I'm Pursuable1652 and I helped make these wiki pages:
- https://wiki.alpinelinux.org/wiki/Hardened_linux
- https://wiki.alpinelinux.org/wiki/DM-verity
- https://wiki.alpinelinux.org/wiki/Silent_boot
- https://wiki.alpinelinux.org/wiki/Hardened_malloc
My main goal is to secure linux more, and better (and as a side-affect, very different) than traditional linux distros. My guide is more suited to a server use-case, rather than desktop.
The guides still apply to both server and desktop, but desktop has a bigger attack surface usually, because an app ecosystem must be incorporated with security as its designed (compared to server which could just be dockerized + gvisored or virtualized).
Flatpak on desktop is somewhat flawed because it's allow-permission first, rather than deny-permission first.
It might be thought of as, you compile the software, the software is open-source, so it must be secure, right? (That is not true, because software, especially software with bigger LOC (lines of code), will be more complex, thus may have more bugs that are hard to detect from the human-eye, and these bugs may do any rogue things to your system.)
Desktop may have a more harder way of controlling the security of software, since you need the support of an app ecosystem already working on a predefined-security focused platform, so not all apps are just running without a sandbox/vm (ideally without a VM (run all in sandbox) or maybe just one, because of performance loss).