I love using Linux on the desktop for many reasons despite its insecure architecture. This article from a Whonix developer and GrapheneOS contributor explains how Linux is behind when it comes to (mostly desktop-oriented) exploit mitigations.
Other articles worth checking out on madaidan's site take a critical look at Firefox and OpenBSD. He also has a good Linux hardening guide.
I agree with the broad points. Nits:
In clang, and soon gcc.
(If you build your packages from source, you may apply these flags to them.)
virtualisation
qubes
links to grsecurity
Grsecurity is not really a good faith actor; I would not cite them. The ‘13-year-old techniques’ referred to in the linked tweet are vulnerabilities that grsecurity has hoarded (rather than report to upstream), and sells patches for.