https://news.ycombinator.com/item?id=13190597<p>you might have noticed this. i thought i should not use gui (desktop). then someone mentioned it.<p>are you think it is more secured and reliable?
Modern Linux desktop is extremely insecure and lack of any kind of isolation so any process that have access to X can do anything no matter what security measures you applied. With Wayland it's possible to isolate desktop applications, but there still unsolved problems like audio.<p>And with concepts like Qubes main flaw remain the user just like with network privacy in TOR / I2P. There is very few people around who can actually follow draconian rules systems like that enforce. And once you start to use one app insecurely you lose all advantages really.<p>It's just hard to let's say use different browsers for different things and from time to time you'll use wrong one. Then problem is that most of applications around isn't really designed to be used in separate VMs and things like file management get messy. So at some point you'll just give up trying to keep it secure.<p>So I think actually secure OS is very far in future.
Here's what Theo de Raadt had to say about virtualization for security:<p>"<i>x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of shit.</i>"<p>"<i>You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.</i>"