
Daniel Micay Quotes

source

I am paraphrasing.

  • In quotes (") is my not-so-serious summary.
  • Below, using forum quotation “>”, is what he really said.

You should read the full quotes at their source to see the context for yourself.

“FreeBSD is shit.”
“systemd is shit.”

Also, all these things about desktop Linux completely apply to anything else using the software stack. It doesn’t matter if it’s FreeBSD or whatever. FreeBSD also has a less secure kernel, malloc, etc. but at least it doesn’t have nonsense like systemd greatly expanding attack surface written with tons of poorly written C code.

“QubesOS is kinda shit.”

QubesOS would be far better off with a different OS inside the guests. It’s not really a Linux distribution though and can be assembled out of other distributions. Most of the work has been Linux integration though. The biggest flaw with it is that it’s trying to assemble a secure system out of garbage (x86, desktop Linux). It does a great job at implementing some of the best compartmentalization available despite the challenges. It could be a lot better if the components it uses cared more about security.

“Desktop operating system encryption is shit.”

The traditional desktop OS approach to disk encryption is also awful since it’s totally opposed to keeping data at rest. I recommend looking at the approach on iOS which Android has mostly adopted at this point. In addition to all the hardware support, the OS needs to go out of its way to support fine-grained encryption where lots of data can be kept at rest when locked. Android also provides per-profile encryption keys, but has catching up to do in terms of making it easier to keep data at rest when locked. It has https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder.html#setUnlockedDeviceRequired(boolean) now as a nicer approach to keeping hardware-backed keys at rest, but iOS makes it easier by letting you just mark files as being in one of 2 encryption classes that can become at rest when locked. It even has a way to use asymmetric encryption to append to files when locked, without being able to read them.

“Linux applications are shit.”

The userspace Linux desktop software stack is far worse relative to the others. Security and privacy are such low priorities. It’s really a complete joke and it’s hard to even choose where to start in terms of explaining how bad it is. There’s almost a complete disregard for sandboxing / privilege separation / permission models, exploit mitigations, memory safe languages (lots of cultural obsession with using memory unsafe C everywhere), etc. and there isn’t even much effort put into finding and fixing the bugs.

“Debian is shit.”

Look at something like Debian where software versions are totally frozen and only a tiny subset of security fixes receiving CVEs are backported, the deployment of even the legacy exploit mitigations from 2 decades ago is terrible and work on systems integration level security features like verified boot, full system MAC policies, etc. is near non-existent. That’s what passes as secure though when it’s the opposite. When people tell you that Debian is secure, it’s like someone trying to claim that Windows XP with partial security updates (via their extended support) would be secure. It’s just not based in any kind of reality with any actual reasoning / thought behind it.

“Linux kernel is shit, macOS, Windows is also shit”

The Linux kernel is a security disaster, but so are the kernels in macOS / iOS and Windows, although they are moving towards changing. For example, iOS moved a lot of the network stack to userspace, among other things.

“Open Source is shit.”

It’s just the fallacy that open source is more secure and privacy respecting. It’s quite often not the case. There’s also the mistaken belief that closed source software is a black box that cannot be inspected / audited, and the massively complex hardware underneath is the real black box. A lot of the underlying microcode / firmware is also a lot harder to inspect.

Really, people just like saying that their preferred software stack is secure, or that open source software is secure, when in reality it’s not the case. Desktop Linux is falling further and further behind in nearly all of these areas.

“Firejail is shit.”

Firejail specifically is extremely problematic and I would say it substantially reduces the security of the system by acting as a massive privilege escalation hole.

“Flatpak is shit.”

The work to try catching up like Flatpak is extremely flawed and is a failure from day 1 by not actually aiming to achieve meaningful goals with a proper threat model.

Note by me: flatpak uses bubblewrap so this might indirectly concern bubblewrap too.


Him sharing his thoughts is appreciated. In some points I agree. Others not. Or don’t know. Too much to debate and not productive.

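The post above points at setUnlockedDeviceRequired as Android’s way of keeping a hardware-backed key at rest while the device is locked. The following is an added example written for this page, not code from the thread or from GrapheneOS; the key alias, the AES-GCM choice and the constructed sample note are assumptions. It generates a Keystore key that the Keystore refuses to use while the device is locked, so ciphertext produced with it genuinely stays at rest until the user unlocks:

```java
// Added example: an Android Keystore key that is only usable while the device
// is unlocked (KeyGenParameterSpec.Builder.setUnlockedDeviceRequired, API 28+).
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public final class LockedAtRestKey {
    // Hypothetical alias; any app-chosen name works.
    private static final String ALIAS = "notes-at-rest";
    private static final String STORE = "AndroidKeyStore";
    private static final int GCM_TAG_BITS = 128;
    private static final int GCM_IV_BYTES = 12;

    // Generate the key once; it never leaves the Keystore (or the secure element).
    public static SecretKey generate() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, STORE);
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setKeySize(256)
            // The Keystore rejects every operation with this key while the
            // device is locked, so data sealed with it is at rest when locked.
            .setUnlockedDeviceRequired(true)
            .build());
        return kg.generateKey();
    }

    private static SecretKey load() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(STORE);
        ks.load(null);
        return (SecretKey) ks.getKey(ALIAS, null);
    }

    // Returns IV || ciphertext || tag. The Keystore picks the IV itself.
    public static byte[] seal(byte[] plaintext) throws GeneralSecurityException, IOException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, load());
        byte[] iv = c.getIV();
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Fails with a GeneralSecurityException (the Keystore reports the device as
    // locked) if called while the screen is locked; succeeds after unlock.
    public static byte[] open(byte[] sealed) throws GeneralSecurityException, IOException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        byte[] iv = new byte[GCM_IV_BYTES];
        System.arraycopy(sealed, 0, iv, 0, GCM_IV_BYTES);
        c.init(Cipher.DECRYPT_MODE, load(), new GCMParameterSpec(GCM_TAG_BITS, iv));
        return c.doFinal(sealed, GCM_IV_BYTES, sealed.length - GCM_IV_BYTES);
    }

    // Constructed usage: seal a note while unlocked, try to open it later.
    public static String demo() throws GeneralSecurityException, IOException {
        generate();
        byte[] sealed = seal("constructed sample note".getBytes(StandardCharsets.UTF_8));
        try {
            return new String(open(sealed), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException locked) {
            // Expected while the device is locked: the ciphertext stays at rest.
            return "device locked, note stays at rest";
        }
    }
}
```

Two caveats a practitioner should keep in mind: the Keystore only enforces this on the key, so plaintext your process already holds in memory is not protected, and the flag is no substitute for the iOS-style per-file protection classes the post describes, because each app has to opt in per key and manage its own ciphertext.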

No matter how shit Linux and Qubes OS are security-wise, the fact will always remain that Windows, macOS and Google-branded hardware/software have morphed into 100% surveillance platforms that have monetized users in a thousand different ways.

Corporations endorsed data siphoning as their primary business strategy after government failed to enact strict regulation, laws and stiff penalties for stealing and hoarding personal user data. This is also no mistake, since it supercharges the government panopticon fetish. Hence the term “government-corporate-surveillance complex”.

Give me less-secure, open source Linux/Xen shit any day of the week over any corporate option that feeds billion $ bottom lines - they are data whores masquerading as alternative platforms and an essential part of the modern security state.

Unfortunately in the end calculation, all computers/peripherals, all code etc. is unfit for purpose for providing proper security from skilled and well-resourced outfits. Nothing is going to change that. Only mid-tier to pissant adversaries will be swatted away by privacy enthusiasts who go the whole nine yards.

And Google et al. won’t stop sucking government c**k anytime soon. So, we’re left with definitely backdoored shit like Windows, or partially useless open source. Easy choice then for stuff like comms/browsing and so on that one is willing to risk i.e. doesn’t mind sharing (in probability) with 5 eyes buddies who attack the entire privacy-minded population at whim (illegally and with no penalty), see: https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

If people think they’ll allow the .02% of Internet data they can’t immediately siphon to be left alone, they are sadly mistaken and haven’t done their homework.

Until then, anything you really treasure, don’t want to share with any misfits should be done 100% offline. No electronic peripherals of any kind. Ever. (Be proud of the probable dossier you are building on a Utah server :wink: )

Unfortunately the only viable, online privacy solution for the masses is widescale adoption of Tor, .onion infrastructure and so on – but that is itself mostly a pipe dream with the apathetic public, 94% of whom are glued to a smartphone daily and shuffling around like zombies while patched into Facebook to catch up with the latest social media drivel…

In summary, Daniel’s probably right, but opensource shit tastes better than a corporate shit sandwich.

“Everything’s shit. Burn it all down and use an abacus” --Daniel Micay


All these points are true. I don’t see anything wrong with them.

I’m pretty sure he said he likes Qubes and even uses it, just that the default guests aren’t exactly brilliant.

He doesn’t say it’s shit. He just says that it doesn’t make your software completely secure like many people assume.


That’s where we/(you?) come in. Hardening the guests to prevent SHTF before the hax0rs take shots at the hypervisor.
