Are there others here who are interested in creating/building resilient desktops for daily use? If so, perhaps we can use this thread to discuss what interested individuals have learned or need in order to improve system hardening, identifying and reducing threat vectors, preparing cyber-resiliency (survival after attack), information exposure, system vulnerabilities, applications sandboxing, reducing systems footprint… etc.
How do we define resilience?
From the opening post it seems that at least, recovery, anonymity, and security are referenced.
“Reducing footprint” seems to additionally reference (reducing) resource consumption.
Further - how are these concepts or their implementation tied to DEs or WMs?
If all of these things, or others, are to be considered together then that’s fine too, but some clarification might help garner the kinds of responses you would like.
I have been doing a LOT of work in these realms. I actually want to know how others define the realm for themselves but here are some articles I have written that outline my perspectives.
random thoughts on security:
–shit hiding in firmware/hardware is the new threat and I have no idea how to mitigate it and the computing world has little idea how to detect it. Yet.
–know thy firewall and what it allows and what it doesn’t. Read.
–they always say “know your own threat model” but I’m not doing anything too goofy and I’m on Linux and I mostly trust the distro and I just want to be left alone, not hassled, and not advertised to online. I can handle some of this stuff myself.
–SELinux doesn’t do anything for me
–neither does AppArmor
–I don’t trust any Chrome derivatives including my daily ungoogled, but it’s good for work stuff and only work stuff.
–apps don’t run well in firejail
–I need a moron version of Wireshark cause I’m not an IT security expert and I’d really like to see what weird stuff is calling out for giggles. I read about a guy noticing GNOME Calculator was a busy caller-outer the other day
–do you need AV/AM on Linux? Nah. But you do owe yourself an audit every couple months like Lynis. Good to know what’s happening and what the auditor thinks you are weak at, etc
/thoughts, that’s all/
so I guess that’s a “no interest” from you.
OpenSnitch could tell you that.
I love this topic. I was trying to get the ball rolling! Evidently I really sucked at that. Try it again without me
This is something I am interested in but I am in very early days. I have used Linux since one year ago but have gone through extensive measures to learn Linux, how it operates, and scripting or programming for it. So I am open to anything and absorbing information and techniques from others currently, and I have planned cyber security courses to go through. So probably not really helpful for you currently on a knowledge basis but I am someone who is interested. However if I think of anything I will add.
I work in IT currently but nothing like network manager or security… yet. So I know some things that would be used to lock down a network or a Windows PC or operating procedures but that is it. Usually the largest weakness is the user themselves but this isn’t necessarily related to “resilient desktops”. At least from privacy and security topics I have looked through I learned usually the most private or secure system is usually never the most convenient method, but I am prepared to go through this.
Some General Thoughts and Discussion Points
Let me begin with a caveat: while I’m old and opinionated, I don’t claim to be an expert in cybersecurity. What I share here comes not from formal credentials, but from long hours immersed in this evolving landscape—perhaps too many.
My primary concerns may not be yours. I’m driven by a desire to:
- Protect personal freedoms, particularly freedom of speech and association;
- Push back against government and corporate intrusion;
- Cut through the noise—minimize internet cruft and reduce advertising bloat.
Here are a few things I’ve come to believe through this ongoing journey:
- Cybersecurity is not a destination—it’s a continual process. “More secure” does not necessarily mean “secure enough,” and even “good enough” is a moving target.
- Threats evolve constantly. This isn’t a static problem, and no one-time solution will last forever.
- Maintenance matters. The care and feeding of any system—especially one you’ve hardened or secured—requires vigilance. Updates, audits, and thoughtful review are essential.
- It’s a lot. There’s always more to learn, more to share, and more to do. But that shouldn’t discourage us. It should ground us—in community, in curiosity, and in a shared commitment to digital autonomy.
Curious how others approach this: What are your primary concerns when it comes to digital security? What trade-offs do you make—or refuse to make?
I hope no one finds this offensive… if it is, please #Mods feel free to remove the post.
New Write-up: Building Real Resilience
Tired of chasing the “perfect” secure system only to burn out maintaining it? I share some recent lessons learned across Alpine, Arch, ParrotOS, and EOS in search of a real-world, supportable setup that actually holds together.
https://eirenicon.org/building-real-resilience-notes-from-the-ground/
Digital security: for me the concern is that the general population is unaware of where our data goes, how it’s taken, or used. People will use various tools or governments will produce laws, or companies will take away from you, and most don’t seem to care or know. There are not many trade-offs I am willing to make so far; I have been inconveniencing myself more and more over time. Most things that are convenient, especially from companies, are usually a result of hiding a lot from you, especially data collection; usually they market these as new features and other positive marketing language.
And of course there comes to privacy. For me while security and privacy are two separate categories, there is so much overlap between them you almost cannot have one without the other. Encryption for example is security, however it also secures your privacy. Companies breach your privacy to store data about you on their systems and yet if they get a data breach by hackers now all that data is a security threat to you. Companies always want you connected to everything at all times, this in itself is a risk and can reveal a lot about you online.
So my concerns are similar to yours with variations or extras.
- Protect freedom (This could include free speech), privacy, and transparency with the things we use.
- Government and corporate intrusion goes without saying. Most of the time they are working with each other, the big 5 companies especially: Apple, Microsoft, Google, Amazon, and Meta.
- I am also driven to keep as much of my stuff in control of my own hands as possible, and not let corporations have it.
Security and privacy is often a game of whack-a-mole: you remove one and another appears. This can be severely reduced by minimising the amount of attack vectors you have, such as reducing the amount of browser extensions, removing software or random stuff you are not using anymore, understanding where your data is going, and also using open source software.
But of course maintenance of any system is required, a big amount of it can be updates. Managing the firewall to restrict traffic. I personally have some RSS feeds from some security websites which will usually alert me to any recent threats or new privacy and security techniques and methods.
There is a lot more than this of course but it’s difficult to condense it all and I don’t want my message to be too large. A lot of my stuff so far has mostly been external of the PC. I pretty much align with what you wrote but just didn’t want to duplicate too much, but most threats start right when you connect to the internet; physically the device is more in control of your hands. If anyone else is interested in chiming in they can.
Clearly we see much the same challenge. The challenge with too much in the security realm is that the cure, too often, is worse than the disease (it seems). Thus the challenge becomes “ease of use”, maintainability, affordability (time & effort)… It doesn’t help that so many of the security platforms are geared towards penetration testing, hacking, etc. Thus they are not focused so much on prevention but more often on reaction.
There are very few platforms that encourage and enable both everyday use (daily driver) and prudent protection without asking for immense maintenance costs (time & labor). That’s the challenge I personally am trying to address. In my limited experience I find paying a little more in memory consumption often yields enormous payback in terms of ease of use. EOS is actually much better than vanilla Arch (for what I need). Alpine, a tiny skinny wonderfully secure environment, came unglued for me with implementing VPNs. For me that was a deal killer (because one of my most concerning threat vectors is government intrusion (I live in the US, you may understand)). I have begun to notice that my threat profile often aligns with those of people in the Arab world… I’m exploring there right now to see what might be interesting and available. In the meantime, it’s EOS for me (with a bunch of tweaks).