Philosophical Inversion
A Total Inversion of Philosophy
When I first read these words, I thought to myself, “that’s not remotely how security works”:
If you have access to the user’s session bus, then you are a trusted/unsandboxed process with full permissions to do absolutely anything on the bus. This is fundamental to the Linux desktop security model and must be understood.
I now recognize it to be absolutely correct about a platform I hadn’t previously understood.
Desktop Linux in 2026
I began using Linux with Ubuntu 6.06. That was twenty years ago. At the time, Ubuntu shipped with sysvinit. PulseAudio had not yet been written, let alone PipeWire. Systemd wouldn’t be released for another five years, and it would remain controversial for the better part of a decade following. GNOME 2.14 was the default desktop. And the distance between Linux and BSD was not so great.
Twenty years on, Linux is not that platform.
Identifying the Linux desktop as anything other than the stack including systemd, D-Bus, and Flatpak is a fundamental disagreement with the architecture of the modern Linux desktop. Systemd isn’t first among equals. It’s the foundation of the userland upon which the entire rest of the stack is built. Flatpak isn’t an alternative app distribution platform. It’s a fundamental part of the security architecture. And xdg-desktop-portals aren’t pointless overhead. They’re the seal between the application sandbox and the session bus.
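One way to check whether that seal is intact for a given app, as an added example that is not part of the original post: the Python below reads Flatpak metadata in the keyfile layout printed by `flatpak info --show-metadata` and reports whether the app gets the raw session bus socket and which bus names its filter lets through. Both metadata samples and their app ids are constructed for illustration, and `audit_session_bus` is a name chosen here.

```python
import configparser

# Constructed samples in the keyfile layout printed by
# `flatpak info --show-metadata <app-id>`; both app ids are made up.
SEALED = """\
[Application]
name=org.example.Viewer

[Context]
sockets=wayland;pulseaudio;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""

OPEN = """\
[Application]
name=org.example.Legacy

[Context]
sockets=x11;session-bus;

[Session Bus Policy]
org.example.*=own
"""


def audit_session_bus(metadata_text):
    """Summarise one app's session bus exposure from its Flatpak metadata."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep bus names case-sensitive
    cp.read_string(metadata_text)
    sockets = [s for s in cp.get("Context", "sockets", fallback="").split(";") if s]
    grants = {}
    if cp.has_section("Session Bus Policy"):
        # talk/own entries are the names the bus filter lets the app reach
        grants = {name: policy for name, policy in cp.items("Session Bus Policy")
                  if policy in ("talk", "own")}
    return {
        "app": cp.get("Application", "name", fallback="<unknown>"),
        "unfiltered": "session-bus" in sockets,  # raw socket: no filtering at all
        "grants": grants,
    }


if __name__ == "__main__":
    for sample in (SEALED, OPEN):
        print(audit_session_bus(sample))
```

An app reporting `unfiltered: True` sits on the session bus in the sense of the quote at the top of this post, sandbox or not.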
Silverblue isn’t the future of Linux because it’s cool, but because a minimal cohesive base isolated from application installation is the correct implementation of the desktop Linux platform. Everything that subverts this architecture isn’t an alternative solution; it is incomplete.
In fact, the one thing Silverblue gets wrong is the inclusion of Firefox - arguably the largest surface area for attack - in the base system. This should be removed and installed as a Flatpak to maintain the cohesion of the security model.
When, in my last article, I said “I am not the same computer user that I was in December”, this philosophical inversion was not yet complete. But the statement is more true now than ever. And in keeping with this inversion, I am rebuilding my Gentoo desktop around systemd and Flatpak.