mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2024-12-24 15:09:38 -05:00
Convert Desktop page to HTML admonitions (#2397)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
parent
f12573d40b
commit
f098042357
@ -12,7 +12,7 @@ Linux distributions are commonly recommended for privacy protection and software
|
||||
|
||||
### Fedora Workstation
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ align=right }
|
||||
|
||||
@ -22,11 +22,15 @@ Linux distributions are commonly recommended for privacy protection and software
|
||||
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs/){ .card-link title=Documentation}
|
||||
[:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Fedora has a semi-rolling release cycle. While some packages like [GNOME](https://www.gnome.org) are frozen until the next Fedora release, most packages (including the kernel) are updated frequently throughout the lifespan of the release. Each Fedora release is supported for one year, with a new version released every 6 months.
|
||||
|
||||
### openSUSE Tumbleweed
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ align=right }
|
||||
|
||||
@ -38,11 +42,15 @@ Fedora has a semi-rolling release cycle. While some packages like [GNOME](https:
|
||||
[:octicons-info-16:](https://doc.opensuse.org/){ .card-link title=Documentation}
|
||||
[:octicons-heart-16:](https://shop.opensuse.org/){ .card-link title=Contribute }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Tumbleweed follows a rolling release model where each update is released as a snapshot of the distribution. When you upgrade your system, a new snapshot is downloaded. Each snapshot is run through a series of automated tests by [openQA](https://openqa.opensuse.org) to ensure its quality.
|
||||
|
||||
### Arch Linux
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![Arch logo](assets/img/linux-desktop/archlinux.svg){ align=right }
|
||||
|
||||
@ -52,6 +60,10 @@ Tumbleweed follows a rolling release model where each update is released as a sn
|
||||
[:octicons-info-16:](https://wiki.archlinux.org/){ .card-link title=Documentation}
|
||||
[:octicons-heart-16:](https://archlinux.org/donate/){ .card-link title=Contribute }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.
|
||||
|
||||
Being a DIY distribution, you are [expected to set up and maintain](os/linux-overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
|
||||
@ -62,7 +74,7 @@ A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org)
|
||||
|
||||
### Fedora Silverblue
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![Fedora Silverblue logo](assets/img/linux-desktop/fedora-silverblue.svg){ align=right }
|
||||
|
||||
@ -72,6 +84,10 @@ A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org)
|
||||
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/fedora-silverblue/){ .card-link title=Documentation}
|
||||
[:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Silverblue and its variants differ from Fedora Workstation as they replace the [DNF](https://docs.fedoraproject.org/en-US/quick-docs/dnf/) package manager with a much more advanced alternative called [`rpm-ostree`](https://docs.fedoraproject.org/en-US/fedora/latest/system-administrators-guide/package-management/rpm-ostree/). The `rpm-ostree` package manager works by downloading a base image for the system, then overlaying packages over it in a [git](https://en.wikipedia.org/wiki/Git)-like commit tree. When the system is updated, a new base image is downloaded and the overlays will be applied to that new image.
|
||||
|
||||
After the update is complete you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily rollback if something breaks in the new deployment. There is also the option to pin more deployments as needed.
|
||||
@ -82,7 +98,7 @@ As an alternative to Flatpaks, there is the option of [Toolbox](https://docs.fed
|
||||
|
||||
### NixOS
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![NixOS logo](assets/img/linux-desktop/nixos.svg){ align=right }
|
||||
|
||||
@ -92,6 +108,10 @@ As an alternative to Flatpaks, there is the option of [Toolbox](https://docs.fed
|
||||
[:octicons-info-16:](https://nixos.org/learn.html){ .card-link title=Documentation}
|
||||
[:octicons-heart-16:](https://nixos.org/donate.html){ .card-link title=Contribute }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
|
||||
|
||||
NixOS also provides atomic updates; first it downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation; you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
|
||||
@ -106,7 +126,7 @@ Nix is a source-based package manager; if there’s no pre-built available in th
|
||||
|
||||
### Whonix
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![Whonix logo](assets/img/linux-desktop/whonix.svg){ align=right }
|
||||
|
||||
@ -117,6 +137,10 @@ Nix is a source-based package manager; if there’s no pre-built available in th
|
||||
[:octicons-info-16:](https://www.whonix.org/wiki/Documentation){ .card-link title=Documentation}
|
||||
[:octicons-heart-16:](https://www.whonix.org/wiki/Donate){ .card-link title=Contribute }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation must go through the Tor gateway. This means that even if the Workstation is compromised by malware of some kind, the true IP address remains hidden.
|
||||
|
||||
Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [encrypted swap](https://github.com/Whonix/swap-file-creator), and a hardened memory allocator. Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/Whonix/apparmor-profile-everything) and a [sandbox app launcher](https://www.whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system.
|
||||
@ -125,7 +149,7 @@ Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qube
|
||||
|
||||
### Tails
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![Tails logo](assets/img/linux-desktop/tails.svg){ align=right }
|
||||
|
||||
@ -135,6 +159,10 @@ Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qube
|
||||
[:octicons-info-16:](https://tails.boum.org/doc/index.en.html){ .card-link title=Documentation}
|
||||
[:octicons-heart-16:](https://tails.boum.org/donate/){ .card-link title=Contribute }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized.
|
||||
|
||||
Tails includes [uBlock Origin](desktop-browsers.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](desktop.md#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
|
||||
@ -145,7 +173,7 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
|
||||
|
||||
### Qubes OS
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![Qubes OS logo](assets/img/qubes/qubes_os.svg){ align=right }
|
||||
|
||||
@ -158,6 +186,10 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
|
||||
[:octicons-code-16:](https://github.com/QubesOS/){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://www.qubes-os.org/donate/){ .card-link title=Contribute }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised, the extra isolation is likely to protect the rest of the *qubes* and the core system.
|
||||
|
||||
For further information about how Qubes works, read our full [Qubes OS overview](os/qubes-overview.md) page.
|
||||
@ -166,7 +198,7 @@ For further information about how Qubes works, read our full [Qubes OS overview]
|
||||
|
||||
While we [recommend against](os/linux-overview.md#release-cycle) "perpetually outdated" distributions like Debian for Desktop use in most cases, Kicksecure is a Debian-based operating system which has been hardened to be much more than a typical Linux install.
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![Kicksecure logo](assets/img/linux-desktop/kicksecure.svg){ align=right }
|
||||
|
||||
@ -178,6 +210,10 @@ While we [recommend against](os/linux-overview.md#release-cycle) "perpetually ou
|
||||
[:octicons-code-16:](https://github.com/Kicksecure){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://www.kicksecure.com/wiki/Donate){ .card-link title=Contribute }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
## Criteria
|
||||
|
||||
Choosing a Linux distro that is right for you will come down to a huge variety of personal preferences, and this page is **not** meant to be an exhaustive list of every viable distribution. Our Linux overview page has some advice on [choosing a distro](os/linux-overview.md#choosing-your-distribution) in more detail. The distros on *this* page do all generally follow the guidelines we covered there, and all meet these standards:
|
||||
|
Loading…
Reference in New Issue
Block a user