• Not all distros ship SELinux and the ones that do, don’t actually configure it securely.

  • New users are expected to keep copying and pasting commands from their browsers to their terminal which compromises some Linux security defenses.

  • KDE, GNOME and Sway are the only functional Desktop Environments/Window Managers that support Wayland all, while the Other DEs are not even close to shipping with Wayland.

  • Most if not all of the Linux Distros in 2025 ship with Grub bootloader, which suffers from a lot of problems, instead of using the bootloaders that does not support BIOS and will improve the reliability of booting and provide a more stable experience.

  • anamethatisnt@sopuli.xyz
    391·
    2 days ago
    • Most users don’t need SELinux and aren’t expecting anything more than firewalld. Those that do have the option to enable and configure it.
    • New users are expected to keep using their distributions app store (Discover for KDE, Software for GNOME) not randomly run code in their terminal that they don’t understand.
    • That’s quite a lot more choice than other OSes offer.
    • What problems would that be? Grub works just fine for me.
      • anamethatisnt@sopuli.xyz
        14·
        2 days ago

        Honestly I simply found the statement to give very little to discuss.
        Regarding editing the Kernel command line; that would require that you already have access to your Debian install and have the rights to edit the Kernel command line.

        Regarding your link in general I find myself at odds with development practices that removes my own agency. I can see how for many end-users it’s good, just like how most car owners shouldn’t try to fix their car troubles themselves, but I would start looking for another OS if it starts pulling auto-updating á la Windows.

        • mormund@feddit.org
          2·
          1 day ago

          No. You can edit the Kernel command line directly from GRUB before booting into anything else. That is the default behavior (with Debian).

          Yes, it is more aimed towards “casual” users that want something that just works. But auto-updating policy is not really the point of the blog. Every distro is deciding that by themselves and will always be able to.

          • Sprocketfree@sh.itjust.worksEnglish
            4·
            1 day ago

            Why would I care about someone having physical access and able to modify grub even? Full disk encryption blocks any actual access to the data on the machine and if they already have physical access they can put a nail in the HDD. Point being they aren’t accessing the data. Not sure what more you’d want.

            • nous@programming.devEnglish
              3·
              1 day ago

              The attack is known as the evil maid attack. It requires repeated access to the device. Basically if you can compromise the bootloader you can inject a keylogger to sniff out the encryption key the next time someone unlocks the device. This is what secure boot is meant to help protect against (though I believe that has also been compromised as well).

              But realistically very few people need to worry about that type of attack. Encryption is good enough for most people. And if you don’t have your system encrypted then it does not matter what bootloader you use as anyone can boot any live usb to read your data.

            • mormund@feddit.org
              1·
              1 day ago

              Full disk encryption is non standard and a PITA without a secure boot chain where the disk can be unlocked by the OS itself. If you have fun tinkering with your OS go nuts, but I want something that works every time even if install it for my mom. The current distro offerings aren’t that.