{{Header}}
{{Title|title=
{{project_name_long}} Stable Version User Experience
}}
{{#seo:
|description=Aims for a seamless and robust user experience in the stable release of {{project_name_short}}
|image=Stability-23423542354.jpg
}}
{{maintainability_mininav}}
{{intro|
This page outlines the primary user experience objectives for the stable release of {{project_name_short}}.
}}
= User Experience Goals =
The goal for the stable version of {{project_name_short}} is to provide a reliable and interruption-free user experience. Users should expect to never encounter issues with:
* System boot process;
* Network connectivity;
* Graphical desktop environment;
* APT package management;
* Necessity for manual interventions or fixes.
Furthermore, each stable version of {{project_name_short}} should support seamless upgrades to the subsequent stable release, typically within a month after the new version becomes available.
Issues such as [https://www.bleepingcomputer.com/news/microsoft/decembers-windows-11-kb5033375-update-breaks-wi-fi-connectivity/ 2023 December's Microsoft Windows 11 KB5033375 update breaks Wi-Fi connectivity] are to be avoided
= Security versus Usability =
Where is the line? When does security get too much in the way, until there is no longer a product that is actually useful for users?
== The Trade-Off Between Security and Usability ==
The idea of maximum security sounds appealing—who wouldn't want better security? But achieving this often comes at a cost, and the cost is typically usability. The balance between security and usability is hard to strike.
== Maximum Security: Unrealistic Expectations? ==
If we push for maximum security, users are often left with unrealistic time and skill requirements.
'''Examples:'''
* If maximum security is the goal, why offer binary downloads at all? Why not require users to build everything from source code?
* Why are we offering binary package repositories? -> Go upgrade from source code.
* Difficult? Uncomfortable? -> Yes, go write your own scripts to simplify.
* Using a binary kernel provided by Debian? -> Why not compile your own kernel tailored for your use case?
* Why are we using a binary distribution (Kicksecure) based on Debian, which is also a binary distribution? -> It would be more secure to learn everything about [https://www.linuxfromscratch.org Linux From Scratch]. Learn about all the software packages (bootloader, kernel, init, desktop environment, ...), choose the ones you deem most secure, compile them from source code.
These are all examples of maximum security at the expense of usability and realistic time constraints.
== Real-World Examples of Security/Usability Trade-offs ==
In other words, if the user wants maximum security, the user cannot use any Linux distribution. A distribution necessarily always makes choices on behalf of the user because users cannot be expected to make all of these choices themselves. These choices cannot be perfect for any single user (except perhaps for 1 single user or 1 developer) and are necessarily always a compromises.
[https://github.com/Notselwyn/CVE-2024-1086 CVE-2024-1086] was a local privilege escalation bug that could be exploited when kernel.unprivileged_userns_clone = 1
was set. Local privilege escalation means malware is already running on the system under a limited Linux user account such as user user
.
To counteract this, there are tools like Flatpak and AppImage, which provide sandboxing capabilities. These tools can be used to install newer software. For example, it could be argued that a browser from Flathub may be safer from remote code execution than one installed from packages.debian.or
g. Such software might be more resistant to remote code execution vulnerabilities, which is more important than local code exploitation resistance.
It could even be considered to install software from Flatpak by default in Kicksecure (for the purpose of the default browser, which is a separate issue -> [[Dev/Default_Browser]]).
However, the price for that is enabling kernel.unprivileged_userns_clone = 1
.
Also, [[sandbox-app-launcher]], which hopefully one day will be ready for use in production, relies on bubblewrap
, which then either requires SUID or kernel.unprivileged_userns_clone = 1
. This is also a security compromise. Less security if the system is already compromised from local privilege escalation, but more security in other ways because malware would be trapped inside the sandbox, unable to attempt many local privilege escalation attacks.
== Hypothetical Questions to Illustrate the Dilemma ==
Kicksecure development goal is to avoid becoming a broken mess where documentation reading is required for common activities.
'''Hypothetical Questions:'''
* The desktop doesn't start, sound doesn't work? -> Recompile your kernel + enable [[Operating_System_Hardening#Module_Loading Module Loading|module loading]].
== User Choices ==
User options boil down to this:
* If you want maximum security, stop using Linux distributions and use Linux from scratch.
* If you want maximum security, while still having good usability (on the level of Debian or better), use Kicksecure.
== Conclusion: Finding the Right Balance ==
These scenarios illustrate the challenges users face when security becomes too rigid. There has to be a balance, where we keep users safe without creating unnecessary barriers to entry or regular usage.
In the end, a one-size-fits-all approach to security doesn't work. While maximum security is theoretically possible, it often compromises usability to the point of absurdity. Kicksecure strives to offer a middle ground—strong security features without sacrificing the usability users need.
= Usability and Development Practices =
== High-Quality Solutions ==
{{project_name_short}}'s approach to software development and distribution maintenance is characterized by a commitment to high-quality solutions, rather than resorting to workarounds, hacks, temporary fixes, quick and dirty solutions, or finger-pointing.
For example, discussed in [https://github.com/Kicksecure/security-misc/issues/184 MAC randomization breaks root server and VirtualBox DHCP / IPv6PrivacyExtensions might be problematic], MAC randomization won't be enabled by default in Kicksecure if it is already known to break networking inside VirtualBox VMs.
{{quotation
|quote=Kicksecure isn't just for my personal computer security hardening. It needs to work for the actual users of Kicksecure.
|context=Patrick, Kicksecure lead developer
}}
== Streamlined Development Process ==
Contributing to other projects such as Debian, Qubes, Tails is comparatively more difficult than contributing to Kicksecure. For example, have a look at the [https://tails.net/contribute/merge_policy/common_rules/ Tails merge policy].
{{project_name_short}} has a different approach and streamlined processes.
* Not insisting that contributors write a clean commit history.
* Contributors are not asked to git squash and rebase primarily for minor aesthetic adjustments.
* No perfect documentation is requested either.
* Patrick, the reviewer, will attempt to take on additional minor, detail-focused commits on top and, if feasible, also make other improvements himself.
As a result, projects such as Kicksecure and Whonix have, in Patrick's opinion, progressed more rapidly than Tails development.
For instance, Tails lacks analogous features to Kicksecure's [https://github.com/Kicksecure/security-misc security-misc] and similar tools.
An illustrative example is found in the handling of [https://github.com/Kicksecure/security-misc/pull/147 libpam-tmpdir pull request]. This would probably have been reverted by Tails and returned to the contributor as per its "Do not break the build... or get reverted" policy.
== Differentiating Linux Distributions ==
Quote from [https://wiki.archlinux.org/title/arch_compared_to_other_distributions Arch Linux wiki]:
Sometimes called "newbie distros", the beginner-friendly distributions share a lot of similarities, though Arch is quite different from them.Quote from [https://wiki.gentoo.org/wiki/Installation Gentoo Linux wiki]:
Gentoo will likely require more effort to learn than so-called "beginner-friendly" distributions.These quotations highlight that not all distributions aim to be, or are, beginner-friendly. == Kicksecure: A User-Friendly Fork of Debian == In this context, Kicksecure, a fork of Debian, represents an effort to create a more user-friendly experience compared to Debian. Arguably, this has already been accomplished with respect to getting started with Linux inside VirtualBox. The Kicksecure website is significantly more streamlined and easier to use than the Debian website. This is elaborated in chapter [[About#Usability_by_Default|usability by default]]. {{Footer}} [[Category:Documentation]] [[Category:Design]]