Comment by codedokode

15 hours ago

This highlights the problem with legacy desktop OSes like Windows, Linux and MacOS: they allow a random program from the Internet to get full access to the computer. Windows and Mac display a warning that the program might be malicious, but how is the user supposed to check it? Do Windows and MacOS developers expect every user to disassemble the program? That's just shifting responsibility instead of solving the root issue.

And Linux has no warning and no button to check the program with an antivirus before running it. How much worse could it be?

In comparison, on Android and iOS there are sandboxes, and you can run any program relatively safely as long as you don't grant dangerous permissions and your kernel is not outdated. And even if you grant permissions, the malware still won't be able to read your browser cookies or the messages in your Matrix client.

Linux needs to be better than this. Linux seems to be built on the presumption that you either download the code from an official repository you trust, or write your own, and doesn't support safe execution of third-party or closed-source programs. For example, if you run proprietary software, it might scan through your data or silently collect your hardware identifiers (like the motherboard serial number) to better track and identify you, and Linux does not prevent this.

You can use VMs for sandboxes.

Linux's main feature is that you are free to do anything you want.

Linux does verify signatures for packages from official repos.

Linux has features like SELinux and AppArmor.

If you want to install a random package, you are free to do so and it's your responsibility. The equivalent is sideloading on Android.

On iOS Apple doesn't even let you have full Firefox... That is wrong. And yet, there have always been exploits.

  • I thought about VMs, but it would be pretty expensive and require a lot of RAM (which is not cheap nowadays and not always upgradeable on laptops. How would you upgrade your 8 GB MacBook?) and CPU overhead to emulate the hardware and run one more kernel. The program in the VM would not be able to use OpenGL/Vulkan, access the audio card with low latency (for working with audio), or connect to DBus (to interact with other software).

    I actually ran Windows games like Cyberpunk in qemu on a Linux host without performance loss, but that required adding a dedicated GPU for the guest, and to use realtime audio one needs to pass an audio card through into the guest.

    Furthermore, the CPU already provides a "sandbox" (isolated memory) for processes. The problem is that Linux allows the program to ask the kernel to do anything.

    > Linux has features like SELinux and AppArmor.

    Neither SELinux nor AppArmor allows showing a question like "would you like to allow program N to access your microphone" or "would you like to let the program connect to github.com? (Yes) (No) (With decrypting SSL traffic)". They look like they are made to comply with some outdated standards from the 80s.

    The best you can do today is either write your own sandbox around Linux namespaces (very complicated), or try lightweight VMs like Firecracker, or paravirtualization (like a VM but with a shared kernel). Those solutions are made for server use, not for desktop, and require a lot of work and programming.

    > If you want to install a random package, you are free to do so and it's your responsibility. The equivalent is sideloading on Android.

    I want to install random packages and still be safe. That's the point of installing an OS, to be able to run random programs on the computer.

    • > Neither SELinux nor AppArmor allows showing a question "would you like to allow program N to access your microphone"

      Permissions on the microphone device would work; build your own UI / virtual device, or generate one with Claude if you really want popups.

      > "would you like to let the program connect to github.com? (Yes) (No) (With decrypting SSL traffic)"

      I actually have something for this. Firewall with everything blocked, domains unblocked via DNS request if I allow them.

      Linux is very powerful here compared to iOS - can you block specific domains there?

      > The best you can do today is either write your own sandbox around Linux namespaces (very complicated), or try lightweight VMs like Firecracker, or paravirtualization (like VM but with a shared kernel).

      What do you think the sandbox on iOS/Android is? Still a VM/namespace/container...

      > require lot of work and programming.

      Sure, but you learn.

      > I want to install random packages and still be safe. That's the point of installing an OS, to be able to run random programs on the computer.

      That's not true anywhere. I would not feel safe with random APKs or random store entries on Android OR iOS. On iOS I lived through the whole 'access a webpage to get a jailbreak' phase... with no way around it, since Safari is mandatory.

      So, other OSes just give you the impression of safety. And you're locked. (iOS with Safari...)

      On Linux you are free, up to your capabilities.


> as long as you don't grant dangerous permissions and your kernel is not outdated

There's like 2 or maybe 3 phone models in the world without an outdated kernel in Android.

And then sure, Android and iOS sandboxing is better, but at the same time the quality of the apps and the vetting is 100x worse than on your average Linux distribution, so I'm not sure that makes up the difference.

  • In Linux there is no vetting. Does anyone verify proprietary AI agents like Claude Code? Software like VS Code? Games? They are distributed through random sites and cannot even be banned.

    You could restrict yourself to the official repositories, but there is a limited selection of software. There is no closed-source software, like audio editing plugins, graphic editors, games, AI agents and so on. Even open-source software is often missing from official repositories.

    • There's vetting; apps like Facebook or Candy Crush would never pass the most basic repository scrutiny if you made them Linux native, and would never be included anywhere, even if they were made open source.

      You can contrast that with the Play Store, where just searching for ChatGPT brings you a fake app on top (and before you bring up the App Store, it was the same there until they banned the keyword after some bad press).

      And yeah it's up to you if you install something outside of repositories, it's your computer.
