“It’s such poor-quality software and product, and I’m so surprised that it’s [spent] so many years on the market,” he said. “I can’t believe it.”

Based.

Honestly native builds are bad. Proton is where it’s at, preferably abolishing DirectX while they’re at it.

There’s already Trinity.

Don’t know what their stance is on Wayland but it exists.

KDE themes are scripts. A coding mistake in one resulted in someone’s file system being erased, it would be quite easy to distribute malware via that method.

There are plenty of reasons why themes are bad. They’re a security risk when downloaded from the internet, they’re often not updated alongside the desktop environment causing bugs, and maintaining support for themes is difficult.

But what GNOME does is eliminate choice, not themes.

You can technically buy a Chromebook instead. Apparently they kick up a real fuss if you try to install your own OS on it though, Not that I’ve tried.

Except they only help you with the install IIRC, so basically useless.

I do want that extra security. But I’m disappointed it can’t be automatic in Secureblue (even though I’d be using it as explicitly not intended).

I did some research and I see what you mean. Apparently using the Flatpak of a browser disables the sandboxing between browser tabs. It doesn’t necessarily make my device less secure but it would make my browser less secure. Firefox officially supports it’s Flatpak so it would be good if I could find some sources more reliable than various forum posts but all-well.

I’m iffy on having to manually configure my security but if I’m using Firefox on a distro that does not support it then there’s not much I can do to avoid that.

Thanks for your tips.

I ain’t sweaty enough to Arch. I run CachyOS on my desktop but I want my laptop to be more secure in which case Arch would be my only option. Overall Fedora (and it’s derivatives) are the only distros that meet my expectations for a distro.

In terms of gripes theres:

1. It’s prompting me to upgrade to the unstable Ubuntu 25.10.
2. It failed to upgrade me when I accidentally pressed the button.
3. Widespread consensus that Ubuntu doesn’t take security as seriously as Fedora/OpenSUSE.
4. That whole Xubuntu malware situation.

I’m pretty sure there was another big issue I had. But it’s not coming to mind immediately. I’ve heard a lot of complaints about Ubuntu and I think I ran into something like that but it wasn’t that important to me personally so it slipped my mind.

I was under the impression that a recent Firefox update means it supports hardened_malloc. I haven’t been able to find a clear answer on this though since it’s kind of a fringe issue. Am I to take this to mean it doesn’t? I’m not too keen on running Firefox using the jemalloc.

If I’m using Secureblue I presume there is automatic configuration of the bubblejail if I install it as a Flatpak.

I’ve never used a Flatpak-first distro, but customization and performance are not high on my priorities.

It’s Linux VM’s running inside a Xen Hypervisor. I want security but I also want to run Linux proper. I’m not exactly giving a good explanation here but basically I don’t really want to use Qubes.

I had a bad experience with OpenSUSE in the past. I’m also nostalgic for that time (mainly because of the colour scheme I had on KDE at the time) but at the moment I want to try Fedora or Secureblue.

Basically what I’ve learnt with this thread is the same thing anyone learns when asking which distro to pick, “it doesn’t matter, just pick one”.

That seems to be the case. Since I can’t find my original source. I remembered them saying something along the lines of “KDE doesn’t have a thumbnailer sandbox, GNOME has one albeit weak, so you should use GNOME” but I can’t find that source anywhere so maybe I imagined the entire thing.

Either way I’ll disable the thumbnails on everything but images just because I don’t really need them and if anything having PDF’s generate thumbnails like images do just makes my downloads folder more confusing to navigate.

I’m gonna have to try secureblue and only switch when I find something that doesn’t work. I’m not entirely sure that Firefox works at present.

Trivalent doesn’t support extensions https://secureblue.dev/faq#trivalent-extensions but I only need those extensions on Firefox. My backup browser is mostly for sites that involve online purchases as it’s too much of a hassle with noscript.

Other than that thank you for your advice.

I wouldn’t know. I’m coming here with worries, not facts.

Please ignore the entire cybersecurity hype news cycle about images being used to spread malware.

I’ve heard of thumbnails being used to deliver malware. Specifically the idea that “thumbnailers” are javascript code included in the file that will run in order to generate a thumbnail and they have the potential to deliver malware. After an arduous search I found this article https://thehackernews.com/2017/07/linux-gnome-vulnerability.html suggesting a vulnerability in the thumbnail generator for windows executables on GNOME allowed it to be used to deliver malware because the file name contained code that was executed by the thumbnailer. I’m still entirely unclear about what a thumbnailer even is (whether it’s local or remote code) or what my original source was. For now I’ll just turn off thumbnails for all but images and hope that counts as adequate security.