PC Operating Systems

{% include cardv2.html title="Qubes OS" image="/assets/img/tools/Qubes-OS.png" description='Qubes is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers.' badges="info:Xen" labels="warning:contrib:This software may depend on or recommend non-free software." website="https://www.qubes-os.org/" github="https://github.com/QubesOS" tor="http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/" %} {% include cardv2.html title="Fedora Workstation" image="/assets/img/tools/Fedora.png" description='Fedora is a Linux distribution developed by the Fedora Project and sponsored by Red Hat. Fedora Workstation is a secure, reliable, and user-friendly edition developed for desktops and laptops, using GNOME as the default desktop environment.' badges="info:GNU/Linux" labels="warning:contrib:This software may depend on or recommend non-free software." website="https://getfedora.org/" git="https://src.fedoraproject.org/" %} {% include cardv2.html title="Debian" image="/assets/img/tools/Debian.png" description='Debian is a Unix-like computer operating system and a Linux distribution that is composed entirely of free and open-source software, most of which is under the GNU General Public License, and packaged by a group of individuals known as the Debian project.' badges="info:GNU/Linux" website="https://www.debian.org/" git="https://salsa.debian.org/qa/debsources" tor="http://sejnfjrq6szgca7v.onion" %}

Warning

Remember to check CPU vulnerability mitigations on Linux

This also affects Windows 10, but it doesn't expose this information or mitigation instructions as easily.

When running a recent enough kernel, you can check which CPU vulnerabilities it detects with `tail -n +1 /sys/devices/system/cpu/vulnerabilities/*`. Using `tail -n +1` instead of `cat` also prints each file name as a header, so you can see which status line belongs to which vulnerability.

If you have an Intel CPU, you will likely see that MDS (Microarchitectural Data Sampling) is only partially mitigated (`Mitigation: Clear CPU buffers; SMT vulnerable`), unless you have already disabled Hyper-Threading in the UEFI/BIOS setup: the full mitigation requires turning off Simultaneous Multithreading (SMT), which is where most of the performance cost comes from, so the kernel does not do it by default.

The following steps enable the full mitigation, assuming your distribution boots with GRUB and its `grub-mkconfig` sources drop-in files from `/etc/default/grub.d/` (the Debian and Ubuntu builds do; note that only files ending in `.cfg` are read from that directory):

  1. `sudo mkdir -p /etc/default/grub.d/` to create the directory for additional GRUB configuration (if it does not exist yet).
  2. `echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT mds=full,nosmt"' | sudo tee /etc/default/grub.d/mds.cfg` to create a new drop-in file with that content. The outer single quotes matter: they stop your interactive shell from expanding `$GRUB_CMDLINE_LINUX_DEFAULT` (which is empty there) and from stripping the inner double quotes, so the variable is expanded later by `grub-mkconfig` when it sources the file and your existing default options are kept.
  3. `sudo grub-mkconfig -o /boot/grub/grub.cfg` (or, on Debian/Ubuntu based distributions, `sudo update-grub`) to generate a new `grub.cfg` that includes the new kernel parameter.
  4. `sudo reboot` to reboot.
  5. After the reboot, run `tail -n +1 /sys/devices/system/cpu/vulnerabilities/*` again and check that `mds` now reports `Mitigation: Clear CPU buffers; SMT disabled`. `nproc` should also show fewer CPUs than before, because the SMT sibling threads have been taken offline.

`mds=full,nosmt` only covers MDS. Newer kernels also accept the umbrella parameter `mitigations=auto,nosmt`, which disables SMT for every vulnerability whose mitigation needs it, not just MDS; it can be added to the same drop-in file in the same way.
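As an added example (not code from the original page), this POSIX shell script does what the steps above describe in a checkable way: it lists the vulnerability status files, classifies the `mds` status line, writes the GRUB drop-in into a directory you choose, and then shows what `grub-mkconfig` will resolve the command line to when it sources that file. The function names, the constructed `SAMPLE_MDS` line and the scratch-directory usage are assumptions for illustration; to apply it for real, call `write_mds_dropin /etc/default/grub.d` as root, then regenerate `grub.cfg` and reboot as in the steps.

```shell
#!/bin/sh
# Added example, not from the original page: inspect the kernel's CPU
# vulnerability status files and stage the GRUB drop-in that turns on the
# full MDS mitigation. Function names, SAMPLE_MDS and the drop-in directory
# argument are assumptions for illustration.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# Print "<name>: <status>" for each vulnerability file in a directory
# (the same information as `tail -n +1 .../vulnerabilities/*`, one line each).
show_vulns() {
  dir="${1:-$VULN_DIR}"
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    printf '%s: %s\n' "$(basename "$f")" "$(cat "$f")"
  done
}

# Classify an MDS status line as the kernel prints it (see
# Documentation/admin-guide/hw-vuln/mds.rst). Echoes one of:
#   not-affected, full, partial, vulnerable, unknown
mds_state() {
  case "$1" in
    "Not affected"*)               echo not-affected ;;
    Mitigation:*"SMT disabled"*)   echo full ;;
    Mitigation:*"SMT mitigated"*)  echo full ;;
    Mitigation:*"SMT vulnerable"*) echo partial ;;
    Vulnerable*)                   echo vulnerable ;;
    *)                             echo unknown ;;   # e.g. "SMT Host state unknown" in a VM
  esac
}

# Write the drop-in that the Debian/Ubuntu grub-mkconfig sources from
# /etc/default/grub.d/*.cfg. The file goes into $1 so the function can be
# tried in a scratch directory before pointing it at /etc/default/grub.d.
write_mds_dropin() {
  dir="$1"
  mkdir -p "$dir"
  # Single quotes: the variable reference must reach the file literally so
  # that grub-mkconfig, not this shell, expands it and keeps existing options.
  printf '%s\n' 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT mds=full,nosmt"' > "$dir/mds.cfg"
  cat "$dir/mds.cfg"
}

# Simulate what grub-mkconfig does: source the drop-in on top of the current
# default options ($2) and echo the resulting GRUB_CMDLINE_LINUX_DEFAULT.
resolve_cmdline() {
  file="$1"
  GRUB_CMDLINE_LINUX_DEFAULT="$2"
  . "$file"
  echo "$GRUB_CMDLINE_LINUX_DEFAULT"
}

# Constructed sample status line (what a Hyper-Threading Intel system typically
# shows before the fix); the real one is read as well if /sys is available.
SAMPLE_MDS='Mitigation: Clear CPU buffers; SMT vulnerable'
echo "sample: $SAMPLE_MDS -> $(mds_state "$SAMPLE_MDS")"

if [ -r "$VULN_DIR/mds" ]; then
  show_vulns "$VULN_DIR"
  echo "this machine: mds -> $(mds_state "$(cat "$VULN_DIR/mds")")"
fi

# Stage the drop-in in a scratch directory and show the resolved command line.
scratch=$(mktemp -d)
write_mds_dropin "$scratch" >/dev/null
echo "resolved: $(resolve_cmdline "$scratch/mds.cfg" 'quiet splash')"
rm -rf "$scratch"
```

Run it as an ordinary user first: it never touches `/etc` or `/boot` on its own. `resolve_cmdline` is the quick way to confirm the quoting is right before you regenerate `grub.cfg`; if the drop-in had been written with the variable already expanded, the resolved line would lose your existing default options.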
Further reading

Worth Mentioning