Because I hate Electron
Since Linux tends to be inherently more efficient AND secure than WhenDoze it makes more sense to me to run Linux as the primary OS and put WhenDoze as in the VM. This has the additional benefit of making it easy to restore WhenDoze when it inevitably
shits itself.what do you mean you claim “more secure” here? secure in comparison to what, exactly?
@zwekihoyy If you look at any botnet on the net, it’s going to be 99.999% windows machines, always. If you look at machines compromised by Ransomeware, that happens to Linux but rare, common on Windows. Windows is like a 20 year old asphalt road, patches upon patches.
I know this isn’t Reddit, but r/peopleliveincities… When 90% of desktop users use Windows, it’s going to both be the most targeted by malware developers and have the highest chance of being operated by someone who doesn’t understand enough about computers to recognize that the shiny calculator app that just popped up after visiting a very legit Nigerian prince’s crowdfunding page probably shouldn’t need admin access.
And speaking of user error, I’m willing to bet that basic security practices like using full disk encryption, SecureBoot, some MAC layer (provided by antivirus on Windows, AppArmor/SELinux on Linux) and regularly applying security updates are way more common over in the Windows land - if I was in a situation where there was one completely randomly selected Windows PC and one also completely randomly selected Linux PC, and my life depended on being able to gain access to either of them (some kind of really messed up Saw trap? idk), I would definitely bet my life on the Linux one being misconfigured.
Don’t get me wrong, Linux can make for a very secure and private OS, but most installs most definitely cannot be described as such - just look at the popularity of random unverified PPAs on Ubuntu derivatives or AUR packages on Arch.
@Markaos Well I have a dual boot system, Linux / Windows 10, and have for decades, other versions of Windows but dual boot none-the less. The old days before grub used to chain-load from the windows boot-loader (ick) but over those years I’ve probably had to reload windows owing to malware I could not excise at least once a year. I’ve never had to do this, ever, with Linux.
this owes to the fact that windows simply has exponentially more users and is therefore more valuable to target.
@zwekihoyy Yea I’ve heard that excuse but on the Internet there are infinitely more Linux servers and still Windows is more often compromised. I think it has more to do with thousands of eyes on the code submitting bug reports and fixes.
Go with one of the ready to use systems. Flatpak, Snap, AppImage. Snap is largely Ubuntu Ecosystem, Flatpak is independent. AppImage is an option if you do not need/want a Sandbox.
Stay away from Docker and LXC for this use case (graphical applications), they are much more work to get going.
IIRC that’s the whole point of flatpak, snap and appimage
Docker can probably do it too, distrobox puts a useful wrapper on that
Nix does that kind of, nix packages aren’t isolated in that they can’t access resources on your system but all dependencies are stored in the nix store, hashed and isolated from eachother, and wiped when you collect garbage
Appimage doesn’t do deduplication of packages does it?
Docker, Distrobox, Toybox, systemd-nspawn, chroot.
Technically those all rely on the same kernel namespace features, just different ways to use it.
That’s also what Flatpaks and Snaps do. If you only care about package bloat, an AppImage would do too but it’s not a sandbox like Flatpak.
Don’t use docker with distrobox. Use podman instead as it is rootless and faster
