Best Secure Linux Distros for Enhanced Privacy & Security

As we transition to an increasingly digital society, privacy and security have become areas of central concern – not a day goes by that we aren’t bombarded with security news headlines about hacks, breaches and the increasingly common and worrisome practice of storing and monitoring sensitive personal information, often without users’ consent. Luckily for us Linux users, the general consensus among experts is that Linux is a highly secure OS - arguably the most secure OS. While all Linux “distros” - or distributed versions of Linux software - are secure by design, certain distros go above and beyond when it comes to protecting users’ privacy and security. We’ve put together a list of our favorite specialized secure Linux distros and spoken with some of their lead developers to find out first-hand what makes these distros so great. This article aims to help you evaluate your options and select the distro that best meets your individual needs.

today's leftovers

• Call for Papers Open for openSUSE Conference

  The call for papers is open until May 4. This leaves a little more than 60 days to submit a proposal. The dates of the conference are scheduled for June 18 - 20. Registration for the conference has also begun.

• [Arch] FOSS Activities in February 2021

  The start of this month was marked with FOSDEM! I held a talk about secure boot and the tooling stuff I have written, sbctl. It’s a tool to help you manage secure boot keys and signing files. With help from sbsigntools it also does live enrollment of keys. The talk went great (I think) and it was fun to see how FOSDEM pulled off the conference with matrix and jitsi. I gave me some inspiration for Arch Conf 2021 that I should try kick off some planning on.

• Linux Championed Work From Home Before Everyone Else: Greg Kroah-Hartman [Ed: This is a revisionist load. GNU predates this. Linux and LF trying to delete GNU from history…]

  Linux kernel is the world’s largest collaborative technology. It’s created by thousands of people from around the world, working together from the comfort of their homes, just via email. In this episode of TFiR Insights, we hosted none other than Greg Kroah-Hartman, the leading Linux kernel developer and maintainer of the stable branch. We discussed a wide range of topics including work from home and the progress Linux has made over the years.

Apache Monthly Report and OSI Approves Proprietary Software as 'Open' (Openwashing)

• Apache Month in Review: February 2021

• Approved: Four New Open Source Licenses

  As the steward of the Open Source Defintion, the Open Source Initiative has been designating licenses as "open source" for over 20 years. These licenses are the foundation of the open source software ecosystem, ensuring that everyone can use, improve, and share software. When a license is approved, it is because the OSI believes that the license fosters collaboration and sharing for the benefit of everyone who participates in the ecosystem. The world has changed over the past 20 years, with software now used in new and even unimaginable ways. The OSI has seen that the familiar open source licenses are not always well-suited for these new situations. But license stewards have stepped up, submitting several new licenses for more expansive uses. The OSI was challenged to evaluate whether these new concepts in licensing would continue to advance sharing and collaboration and merit being referred to as "open source" licenses, ultimately approving some new special purpose licenses.

• Cryptographic Autonomy License Approved by OSI

  The controversy over the scope of copyleft these days remains brisk. Regarding CAL, it was so heated that OSI founder Bruce Perens resigned in protest, as the license approached approval. There is a also a larger controversy over whether copyleft licenses written by single companies, and not part of the community drafting process, should be approved, regardless of content.

• Singapore reveals open-source blockchain COVID-test result tracker, eyes uses as vaccine passport app [Ed: Openwashing surveillance and Orwellian stuff, as has become common]

  Singapore has proposed a blockchain-based document verification system developed by its GovTech agency to provide proof of recent negative COVID-19 tests, and hopes it becomes used to offer proof of vaccination status around the world. Named "HealthCerts", the system is based on open-source framework known as OpenAttestation that uses blockchain to issue cryptographically trustworthy documents. The technology is already applied by some local universities to issue and authenticate diplomas. [...] From that date travelers planning to leave Singapore will book in for a COVID PCR test before they fly. Results will be uploaded to a government website and aspiring tourists will then go online to request the results be notarised by the Ministry of Health. If approved, the QR code linking to the notarised digital certificate will appear in SingPass Mobile, the nation's app for consuming digital government services.

Programming Leftovers

• DRY enums for Absinth macros

  Absinth is a great GraphQL library for Elixir, but it brings a few challenges as it’s practically implemented using macros. One of these challenges is a DRY way of reusing enumerables in Absinth enums. [...] The only thing we had to do is to use require to require the module beforehand.

• Gzip::Zopfli - another compression module

  Following on from the Gzip::Libdeflate I mentioned before, I also made this: Gzip::Zopfli It is based on the Zopfli gzip compression library from Google Research.

• Weird architectures weren't supported to begin with

  You don’t know about any of the above until the bug reports start rolling in: users will report bugs that have already been fixed, bugs that you explicitly document as caused by unsupported configurations, bugs that don’t make any sense whatsoever. You struggle to debug your users’ reports, since you don’t have access to the niche hardware, environments, or corporate systems that they’re running on. You slowly burn out as an unending torrent of already fixed bugs that never seem to make it to your users. Your user base is unhappy, and you start to wonder why you’re putting all this effort into project maintenance in the first place. Open source was supposed to be fun! What’s the point of this spiel? It’s precisely what happened to pyca/cryptography: nobody asked them whether it was a good idea to try to run their code on HPPA, much less System/3906; some packagers just went ahead and did it, and are frustrated that it no longer works. People just assumed that it would, because there is still a norm that everything flows from C, and that any host with a halfway-functional C compiler should have the entire open source ecosystem at its disposal.

• Woodruff: Weird architectures weren't supported to begin with

  William Woodruff has posted a rant of sorts on the adoption of Rust by the Python Cryptography project, which was covered here in February.