First of all, thanks for sharing this. I also found their text a couple of days ago, and was thrown off by it. It’s both enlightening and slightly scary. I really want FLOSS’s flourishing to be not only a personal wish upon the world, but to result in an objectively securer world . However, I think Madaidan successfully lets us see the proactive approaches towards security that Windows and MacOS have adopted, as well as the concrete ways in which those manifest. But some people are highly critical of them. That threw me off further. So here we are, thrown off and wanting to talk about it to sort it out to the extent that we can.

My opinion of them has to be prefaced by two disclaimers that frame it. First, I think it’s perfectly possible for us to recognize the truth as well as wish for a different reality. Second, there is an objective reality that is always filtered through our perspectives. This means we can’t play the ‘God trick’ of claiming all truth nor claim knowledge is 100% relative; rather, knowledge is positioned.

So back to Madaidan. Do we want to dismiss a clearly-laid-out and valid argument because it doesn’t align with our expectations (e.g. “FLOSS is securer. Linux is FLOSS. Therefore, Linux is securer”)? The answer depends on whether we feel comfortable with the world not aligning with our perspective. Similarly, the criticisms I’ve seen of them are mainly about their “racist” views, their censorship of others, and their promotion of non-FLOSS software. Some of these are not light accusations, and they have implications for the interpretation of his arguments. For example, are they aiming for FUD for people to trust Linux less? Maybe, but I can’t help but notice that the criticisms levied against them are not directly dealing with the validity of their claims, but rather are about their personal characteristics and their behavior.

This is where the positioning of knowledge is important. It’s perfectly possible for someone to be a bigot and yet make a valid argument. The value-laden goals that motivate someone to argue something (e.g. ‘racial superiority’ [sic] justifying racism, or freedom justifying open licensing) are important to know whether to be skeptical or to ease our guard. But until a validity threat weakens the argument, an argument that is well crafted is valid. Even Hitler could validly argue that the Earth rotates around the Sun and not the other way around. I’m not defending people worth condemning. I’m trying to get at the golden nuggets of truth that can be found if we’re willing to accept a world that is different to what we want.

So, is there truth in what Madaidan says? I certainly think their arguments in the Linux post are valid. I am also perfectly willing to search for and accept others’ validity threats to their argument, a search spurred by the context of accusations against them. For example, the discussion regarding sandboxing, present in a couple of different comments, is precisely the kind of discussion that we should be having to untangle this whole thing!

Finally, I think it’s valuable to give fodder to accept the worst case scenario. That scenario is Linux indeed having poorer security in many respects compared to Windows and MacOS. If anything, this kind of open discussion about Linux’s security approach is precisely what is great about FLOSS! I had never heard about these problems in Linux’s security model, but in the past week I’ve found Madaidan’s article three times in three entirely different contexts. I think they’re turning a lot of heads. Hopefully that will spur changes in Linux for the better. It could be improved systematically with the insights that have been garnered for the past couple of decades.

This statements can be profoundly misleading when taken without context.

Security is complex and multi-faceted. It needs to be understood with the proper context:

• what type of user are we protecting: skilled, unskilled, an entire company? An entire nation?
• what type of data are we protecting: a database? The user email address, browsing activity, connection metadata?
• what is the threat model or the attacker: a simple email scam? Surveillance from big companies? Targeted attack from a nation state?

The majority of security breaches are surprisingly low-tech (phishing, guessable password…, stalkerware, built-in telemetries)

Without context an article that goes “Linux being secure is a common misconception in the security and privacy realm.” can easily fuel FUD.

Another thing to point out is that he states how the Linux kernel has hundreds of vulnerabilities found compared to other OS’s. Well yeah, Linux is open source and literally any researcher/security expert can read the code to find bugs. Good luck trying to do the same with Windows or MacOS.

Lastly, most Linux distros are “complete” in the sense that you generally (or at least for the majority) don’t have to install much software outside of whats already in your distribution’s repos; you’re not having to google/download sketchy apps, so this threat model of rogue apps trying to hack/steal your data is minimal, if not non-existent.

The real problem is those systems (Windows, MacOS, iOS, Android) all have an app store where a ton of developers are trying to make money off of you in any way possible by stealing your data/invading your privacy, so they had to build a permission system because you can’t trust those random people. You can generally trust your Linux distro to not package malware and can safely install any app that’s available.

Edit: I should add, its still a good writeup. I think he makes some good points and it would be great to see Linux improve in some areas, even if the problem doesn’t really exist as much as it does for the more commercially backed operating systems.

Running everything sandboxed even if the software that’s being run is FOSS and comes from trusted sources doesn’t sound too bad though. Just another layer of defense. What are the potential security issues this could cause?

Ouch. Microsoft used to sue people instead of fixing bugs? What a way of guaranteeing insecurity in the long run!

I wonder if the whole “Microsoft moved all font parsing out of the kernel” as well as the “macOS moved a substantial portion of its networking stack - the transport layer- from the kernel into user space” happened after the “years [in which] internet explorer was so tightly integrated into windows”. You could both be right. The quote of his actually supports your point: “Windows and Mac kernels are somewhat similar too, in that they are also large and bloated kernels. […] Windows has historically been plagued by vulnerabilities within its font parsing code.”

So what I understand is that you’re right that it’s funny to think that macOS and Windows were more sandboxed than Linux. Based on his quote, it appears as if this has recently changed, at least in the examples given and the general “systemic approach” to security.

I think this has worked till now because:

1. Linux’s user base is small, so it isn’t a very attractive to malware developers.

2. Linux’s userbase is mostly tech savvy people, who don’t do stupid stuff.

But the question is, does it scale up if Linux became mainstream and popular among the tech illiterate?

This is true, but I think if Linux was designed today it would have a permissions model similar to something like Android from the start. Every app would need explicit permission to access data and hardware, etc.

The article is indeed one-sided and often makes exaggerated claims.

One example: "This is in contrast to a rolling release model, in which users can update as soon as the software is released, thereby acquiring all security fixes up to that point. "

This ignores that facts that new releases are the only source of new vulnerabilities.

Plus, new vulnerabilities are still to be reported. A 0-day in the wild is usually worse than a published vulnerability: at least you can learn about the latter and take decisions on how to handle it.

deleted by creator