N.E.P.T.R

Docker guest still shares a kernel with host. Use a custom OCI runtimes like kata-containers (VM) or gVisor/sydbox-oci (unprivileged application kernel) to reduce the kernel attack surface and protect against privelege escalation.

Yes

I am not a troll. You don’t need to be an ass.

Just because a system doesnt have a CVE doesn’t make it secure. It needs proper exploit mitigations. Read why Linux isn’t secure here.. The article is written by the lead developer of Whonix OS (Security hardened Debian with a focus on anonymity). If you had checked out any of the references from my previous comments you would have learned more about why I have this opinion.

Kali isn’t any more secure than regular Debian, while also having a larger attack surface, and no kernel hardening, protecting of GUI, or application isolation. What makes it “secure”?

My point exactly. A large attack surface means less secure. My point was that Kali isn’t focused on being a secure OS. It is all about the tools. Even without a vulnerability, a secure OS should protect against unknowns.

Ubuntu font. Idk why but I like it.

Eventually it’ll trickle down.

I get 12hrs

PCs aren’t secure. Linux default isnt secure. Kali has so many apps/tools installed by default that it isnt comparable to default Linux. It has massive attack surface and no security design, therefore calling it secure isn’t accurate.

If no effort was put into the security design of an OS, why call it secure?

No, it is not a proxy for another search index/engine.

Yes, you can add Brave search to your other browsers.

Alt text: When water’s temperature falls below 0°C, it undergoes Bouba to Kiki.

Pic: The picture has a diagram showing water above freezing being flowy and liquid, and below freezing being rigid and icy. Many people find the sounds Bouba and Kiki to match visually to the look of rounded and pointy shapes respectively.