Ask HN: Is Linux Safe to Daily drive in 2026?

I would say yes! I would consider not sandboxing your internet browsers because the integration isn’t fully there yet, but everything else works. A lot of Flatpaks are maintained by their developers so you get releases faster with a layer of separation from an otherwise “slow” distro.

In my humble opinion, consider Fedora instead because of Ubuntu and Snaps. You’ll have the flexibility of Flatpaks, RPMs, Snaps if you really want, etc. Some suggested immutable distros (Silverblue), but you can adopt a containerized workflow incrementally with regular Fedora so that you don’t run into its sticky corners.

I've been using it exclusively for a few years now, but I'd still say: it depends. e.g. we've yet to see an actual photoshop replacement in OSS (Krita seems to be on a good trajectory now that they've pivoted to a broader scope). First stop is checking whether you have viable replacements for things that you use.

Ubuntu is going to strong-arm you into Snaps, the snap-ectomy is nontrivial, and they have a habit of reappearing. Some people don't have a problem with Snaps - so non-issue if you don't care. Otherwise I'd go with a downstream distro that removes them: pop os, mint, or even upstream (Debian).

XFS is an extremely mature file system if you don't need anything fancy, and you're probably less likely to lose data compared to $proprietary. The other major ones (ext4 and btrfs) are probably just as good, but XFS honestly does stand out in terms of maturity and simplicity.

A common trap is trusting the installer with partitioning. My last Ubuntu installation ran out of space on EFI. 5gb is overkill, but given how abundant disk space is, who cares. Separating / and /home is a good idea for rescue/reinstalling but without btrfs subvolumes (Ubuntu uses btrfs subvolumes by default) it becomes a bit challenging to figure out how to dice things up: e.g. docker containers are stored in /var, so they can deplete your system drive space. Last time I didn't use btrfs, 200gb for / never caused issues for me.

Oh, and Windows has a habit of removing other boot loaders from its drive. If you dual boot, use a different disk for the entire installation.

That's really the extent of the gotchas I'd give to a person literate enough to install an OS. I would slightly urge towards immutable (Silverblue), but Ubuntu is just fine.

My understanding of safety concern around Linux is mainly the security, namely, full disk encryption. Full disk encryption avoid an attacker unplug your harddrive and directly read the data.

While it is possible, it is definitely not easy to setup right, particularly if you want hibernation to disk properly setup. There is certain requirement on the disk layout setup, use LVM, setup TPM, setup bootloader parameters, setup hibernation and wake.... any step is wrong you have to use a boot drive to rescue, and it is very hard to fix if you don't have LVM in the first place. For example, Arch Linux's archinstall won't setup this whole suite for you.

This is really nessary if you are going to take the computer outside and it might get lost stolen. You definitely don't want other people to read the content after it was lost. I think this kind of security is default on Windows / Mac / iOS / Android right now already, but Linux is still so hard.

Using Mint, I've found the tools 'Timeshift' (for the OS) and 'Backup Tool' (for the Home folder) to be handy & assuring from the dangers of tinkering and/or an upgrade. Both allow saving their outputs to outside 'safes'.

Another benefit of Mint is a well-attended user forum (with swell tech support). That can important if your technical problem is rarer... with audio, say. (NOT a Linux strong-point.)

Unless your uses are bog-standard, I'd look for similar features to rely on in any distro.

Booting from Grub can be 'interesting' at times, if there's a weak point.

I'll take a contrarian view here. Disclaimer: I'm interpreting "safe" as in "usability". I've been driving Ubuntu for years for gaming purposes, and it's come a long way. Most drivers are installed out-of-the box. The apps I care about run just fine.

But.... Relative to MacOS Ubuntu is certainly not as user-friendly. It's worth noting that Linux distros will force you to confront the command line at some point. If you come from OS-es where the most technical thing you have to do is pop open settings to set screen-share permissions or "right-click -> open" to install a package, you'll notice a stark difference.

Linux comes in a wide range of distributions, so it is hard to make universal claims. One area where security defaults need to improve is sandboxing.

If security is a major concern, bwrap or firejail can easily provide that extra sandboxing.

NixOS and GuixSD make it quite trivial to sandbox applications in a declarative fashion using firejail.

An alternative is to use e.g. Flatpak, which gets you sandboxing for free via bwrap. But I am not a fan of application images that bypass package management.

Linux out of all those three is very specific in that it can be configured to be perfectly secure and, at the same time, if you explicitly ask it to shoot you in the foot, it will.

Generally the out-of-the-box experience of Ubuntu and Fedora is at least as secure or better than that of Windows. macOS tends to lean towards a more hardened configuration. Matching that is possible (Android being a great example), but will require some work on your part and is generally not worth it unless you download and run untrusted software.

And one area where desktop Linux really shines is how easy it makes it to only limit yourself to software you can generally trust: that in the default repositories. If you use a well-maintained distribution, keep your system up to date, and only use software that your distribution delivers, chances of your machine getting compromised by anything other than a strictly targeted attack are very slim.

It's understandable that eventually you might want to run third-party software. In that case, I'd definitely advise against running random scripts or commands from the Internet, especially the `curl | bash` kind, and adding third-party repositories to your system unless you absolutely trust their source. This and running out-of-date Internet-facing software are the most common attack vectors.

For third-party software, consider using Flatpak (desktop) and Podman/Docker (server). These sandbox software by default, limiting the damage it can do to your system. With Flatpak, always pay attention to what permissions your application will be granted (those are listed at installation time) and try to limit their scope as narrowly as possible. You can manage the permissions with `flatpak info -M` and `flatpak override`. There's also Flatseal, a GUI alternative which I personally haven't tried.

One more thing to watch out for: extensions. Some software, such as Visual Studio Code and derivatives, has very lax policies on extensions. Even if you install it from a trusted source, but then install an untrusted extension, the extension will run with full access to your files! If you're using such programs, I recommend installing them in Flatpak and limiting their permissions as well. I've been burned by some VSCode extensions in the official marketplace that immediately contacted Chinese IPs upon installation.

Of course, those are tips for those looking to get started. Long-time users interested in hardening should definitely look into SELinux, seccomp, namespaces, dm-verity, and their associated utilities.

I'm not aware of anything happening recently that would make it relatively unsafe. I have only used it for 20 years though, so can't say whether it was safe or not before that.

You get GUI app sandboxing with Flatpak these days.

Assuming you're already running a PC with a desktop OS, you can use virtualization to 'get your toe wet' and try linux without diving in entirely with a real install. On windows virtualbox is free for non-commercial use and pretty simple to set up.

If you've got a spare drive then install it on that leaving your existing install alone, or if you have spare space on your existing drive you can shrink a partition (backup important data first) and set up a multi-boot

Perfectly safe. I would argue that it is the safest of the three, the least invasive both in terms of its design and in terms of privacy.

The open source model of development has encouraged the correct incentives for people to become active in identifying and fixing possible exploits in a global, communal effort.

Every server on the cloud has (by a large margin) chosen Linux as the OS to trust specifically for this reason.

Yes. Significantly safer than a Windows system in the default config.

If you expose a Windows server default install to the internet it will be compromised in days. (I don't know how. I do know AWS was very unimpressed with me.)

In contrast Linux systems are often set up that way without issue.

It is possible to get Linux into a state where it becomes a huge headache to update

If you mainly use a browser like chrome, it should be pretty safe. The general threat model is likely not as safe/mature as Win/MacOS as far as running a bunch of untrusted apps go.

You're fine with out of the box experience in most cases.

Try something from universal blue!

i have been using ubuntu at work for 8yrs now. i fail to grasp the question..

It was safe to daily drive in 1996.

Safe in what sense?

As someone who's been daily running it since 2008, I'm gonna say yes anyway though. It's secure (one definition of safe) and no more likely to eat your data than any other OS. Still back things up though, hardware failures happen.

What to config? Nothing. Don't touch shit if you don't know what you're doing. That's the secret to having a stable system, not messing with it.

Yes!

I have

[dead]