Hi, Im searching for a secure distro for normal daily use for my laptop. Currently Im running arch linux with full disk encryption, secure boot, linux hardened, firewalld and most apps as flatpaks (with some disabled permissions using flatseal). I think its pretty secure laptop but it could be more secure.

Tails and Whonix are the most secure but they are not ment for normal daily use…

There is a lot of new immutable distros. Getting (system) malware is harder to get on them. Im most interested in blendOS, because its based. Does anyone know if it has full disk encryption, secure boot, etc. or can it be done by the user? What about other distros like Fedora Silverblue?

Any other recommendations?

Thank you :)

    • @throwawayish@lemmy.ml
      92 years ago

      an inflexible immutable distro

      Besides the somewhat unfortunate and false ‘immutable’ name, what makes them inflexible according to you?

        • @throwawayish@lemmy.ml
          112 years ago

          First of all, thank you for replying 💙 !

          Can’t install a new system package for most immutable distros without going through some magic incantation

          blendOS: Replace sudo pacman -Syu with system install

          Fedora’s ‘immutable’ distros: Replace sudo dnf install with rpm-ostree install

          openSUSE’s ‘immutable’ distros: Replace sudo zypper install with sudo transactional-update pkg install

          While Guix and NixOS offer somewhat similar functionality with their guix install and nix-env -iA commands respectively, usage of said comments are rarely done by advanced users as other means to install packages are more sophisticated. And in terms of how sophisticated installing a mere package can get, one might argue that Guix and NixOS are to ‘immutable’ distros what Gentoo is to mutable distros.

          And with that we just went over the ‘immutable’ distros that are prevalent in 95% of the discourse (besides Vanilla OS; but that one’s in a major overhaul) and none of the commands found above strike me as particularly hard. Though, of course, your mileage may vary.

          then doing a reboot

          I’ll just briefly mention that --apply-live exist for Fedora’s immutable distros if you like living on the edge. Furthermore, both Guix and NixOS don’t require a reboot in most cases. Finally, while the soft-reboot feature from systemd benefits all distros, one can’t deny how impactful it is to ‘immutable’ distros in particular.

        • @theshatterstone54@feddit.uk
          42 years ago

          Everything immutable is designed to be inflexible for the user

          laughs in NixOS being as flexible as Arch, having about the same number of packages and better stability, as well as offering rollbacks, a stable release if you want that breadth of package availability on a static release system, that also has a declarative configuration, making it far, far easier to set up over time, or on multiple machines

            • @theshatterstone54@feddit.uk
              32 years ago

              Still immutable. You can’t make a claim about all immutable systems, when some don’t follow the same principles and don’t necessarily have the same limitations. With SilverBlue you can still use rpm-ostree and I think it is also possible to install such packages on MicroOS, but I don’t know how.