@strypey I think it's a matter of relativity. Yes, there're quite a few shortcomings of the Linux model for desktop regarding sandboxing. The problem, of course, is that the same (and much worse) can be said for all the more widely-used desktops out there. Added security results in added complexity and reduced usability. I'd argue that most of the attack vectors described are low risk for the typical scenario of a computer that is almost exclusively used by an individual + a few trusted people.

@lightweight I agree with you on this. Other operating systems such as Windows, MacOS, and BSDs all have these flaws too to varying degrees. I don't know of a single, production-ready, general purpose OS that isn't written in C.

Also, with Wayland on the way, that whole Flatpak/X11 issue is also quickly becoming a non-issue for many users.


@jbauer @strypey here's hoping. I want to give Wayland a proper spin, but haven't done so yet...

@lightweight @strypey true, making a desktop secure through the required implementation of policies would make certain things inconvenient. I see one of the points the author making is that desktops will be left insecure most of the time. For example, all it takes is installing some userland software (be it flatpak) which is vulnerable or itself malicious.

Sign in to participate in the conversation
Mastodon - NZOSS

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!