From 60f940cdd0bd8a1af16d2eb808d9343d64de9579 Mon Sep 17 00:00:00 2001 From: Commander Date: Tue, 7 Apr 2026 15:47:54 -0400 Subject: [PATCH] =?UTF-8?q?feat:=20complete=20alfredlinux.com=20website=20?= =?UTF-8?q?=E2=80=94=209=20pages=20+=20404=20+=20robots=20+=20sitemap?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - index.php: Landing page with feature showcase, editions, roadmap - download.php: WebTorrent P2P download (no torrent client needed) - apps.php: Ecosystem app downloads (Browser, IDE, Veil, Pulse) - releases.php: Full changelog RC1 through RC8 - docs.php: Technical documentation and build specs - security.php: Kernel hardening transparency report - developers.php: Developer foundation and contribution guide - compare.php: Head-to-head vs Ubuntu/Mint/Fedora/Arch - about.php: Company provenance, founder, verification commands - 404.html: Branded error page - JSON-LD structured data on 4 pages - Twitter Card + OpenGraph meta tags on all pages - Security headers (HSTS, X-Frame-Options, CSP) --- .htaccess | 63 +++ 404.html | 59 +++ about.php | 321 +++++++++++++ apps.php | 342 ++++++++++++++ compare.php | 482 ++++++++++++++++++++ developers.php | 499 ++++++++++++++++++++ docs.php | 966 +++++++++++++++++++++++++++++++++++++++ download.php | 1109 ++++++++++++++++++++++++++++++++++++++++++++ index.php | 1186 ++++++++++++++++++++++++++++++++++++++++++++++++ releases.php | 421 +++++++++++++++++ robots.txt | 8 + security.php | 724 +++++++++++++++++++++++++++++ sitemap.xml | 69 +++ 13 files changed, 6249 insertions(+) create mode 100644 .htaccess create mode 100644 404.html create mode 100644 about.php create mode 100644 apps.php create mode 100644 compare.php create mode 100644 developers.php create mode 100644 docs.php create mode 100644 download.php create mode 100644 index.php create mode 100644 releases.php create mode 100644 robots.txt create mode 100644 security.php create mode 100644 sitemap.xml diff --git a/.htaccess b/.htaccess new file mode 100644 index 0000000..50caf9e --- /dev/null +++ b/.htaccess @@ -0,0 +1,63 @@ +RewriteEngine On + +# Custom 404 error page +ErrorDocument 404 /404.html + +# ── Security Headers ────────────────────────────────────────── + + Header always set X-Content-Type-Options "nosniff" + Header always set X-Frame-Options "SAMEORIGIN" + Header always set Referrer-Policy "strict-origin-when-cross-origin" + Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()" + Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS + + +# CORS for .torrent files only — ISO served via P2P, not HTTP + + + Header set Access-Control-Allow-Origin "*" + Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS" + + + +# Clean URL: /docs → docs.php +RewriteRule ^docs/?$ /docs.php [L] + +# Clean URL: /developers → developers.php +RewriteRule ^developers/?$ /developers.php [L] + +# Clean URL: /download → download.php +RewriteRule ^download/?$ /download.php [L] + +# Clean URL: /releases → releases.php +RewriteRule ^releases/?$ /releases.php [L] + +# Clean URL: /security → security.php +RewriteRule ^security/?$ /security.php [L] + +# Clean URL: /apps → apps.php +RewriteRule ^apps/?$ /apps.php [L] + +# Clean URL: /compare → compare.php +RewriteRule ^compare/?$ /compare.php [L] + +# Clean URL: /about → about.php +RewriteRule ^about/?$ /about.php [L] + +# Torrent API proxy (unified seeder on port 3202) +RewriteCond %{REQUEST_URI} ^/torrent-api/ +RewriteRule ^torrent-api/(.*)$ http://127.0.0.1:3202/$1 [P,L] + +# GoForge — self-hosted Git platform (Gitea on port 3300) +RewriteCond %{REQUEST_URI} ^/forge(/|$) +RewriteRule ^forge(/.*)?$ http://127.0.0.1:3300$1 [P,L] + +# WebSocket tracker proxy (tracker on port 3201) +# Browsers connect to wss://alfredlinux.com/announce +RewriteCond %{HTTP:Upgrade} websocket [NC] +RewriteCond %{REQUEST_URI} ^/announce +RewriteRule ^announce(.*)$ ws://127.0.0.1:3201/$1 [P,L] + +# HTTP tracker announce (for non-WebSocket clients) +RewriteCond %{REQUEST_URI} ^/announce +RewriteRule ^announce(.*)$ http://127.0.0.1:3201/announce$1 [P,L] diff --git a/404.html b/404.html new file mode 100644 index 0000000..b105605 --- /dev/null +++ b/404.html @@ -0,0 +1,59 @@ + + + + + +Page Not Found — Alfred Linux + + + + + + +
+
404
+

Page Not Found

+

The page you're looking for doesn't exist or has been moved. Here are some places you might want to go:

+
+ 🏠 Home + ⬇️ Download + 📖 Docs + 📦 Apps + ⚖️ Compare +
+
+ + + diff --git a/about.php b/about.php new file mode 100644 index 0000000..3436f8e --- /dev/null +++ b/about.php @@ -0,0 +1,321 @@ + + + + + + + About Alfred Linux — Built by GoSiteMe Inc. + + + + + + + + + + + + + + + + + + + + +
+

About Alfred Linux

+

A real company, a real product, a real kernel, real checksums. Here's who we are, what we've shipped, and how to verify every claim we make.

+
+ +
+ + +
+

Who Builds Alfred Linux

+

Alfred Linux is developed by GoSiteMe Inc., a software company that builds sovereign, privacy-first tools. We are not a hobby project, a weekend fork, or a reskin of Ubuntu with a different wallpaper.

+

The project is led by Danny William Perez (Commander) — founder of GoSiteMe — with development powered by Alfred, our AI engineering system. Alfred doesn't just chat — it compiles kernels, writes build hooks, hardens security modules, and ships ISOs.

+ +
+
+
8
+

Products Shipped

+

Alfred Linux, Alfred IDE, Alfred Browser, Veil Messenger, Pulse Social, GoForge, Alfred Voice, Alfred Search

+
+
+
10
+

ISOs Built

+

RC1 through RC8, from Bookworm to Trixie, from kernel 6.1 to kernel 7.0. Every build is tracked in release notes.

+
+
+
16
+

Build Hooks

+

Automated, reproducible build system. Branding, IDE, Voice, Search, Store, Security, Network, Encryption, Hardware, Installer — each its own hook.

+
+
+
AGPL-3.0
+

License

+

Fully open source. Build scripts, security profiles, kernel config — all available on GoForge.

+
+
+
+ + +
+

What Makes Alfred Linux Different

+

Most Linux distros take a base (Debian, Arch, Fedora), change the wallpaper, swap the package manager defaults, and call it a new OS. Alfred Linux is architecturally different:

+
    +
  • Custom-compiled kernel 7.0 — we compile Linux 7.0.0-rc7 from Linus Torvalds' mainline tree with our own config. This is not a repackaged distro kernel.
    • +
  • 32 security modules active by default — not optional packages you install after the fact. AppArmor, auditd, fail2ban, ClamAV, rkhunter, chkrootkit, AIDE, nftables, LUKS2, MAC randomization — all enforced from first boot.
    • +
  • AI-native applications — Alfred IDE (VS Code + AI copilot), Alfred Voice (neural TTS + wake word), Alfred Search (Meilisearch) — these are built into the OS, not aftermarket add-ons.
    • +
  • 3 kernel-7-exclusive CPU mitigations — ITS, TSA, and VMSCAPE are only available in kernel 7.0+. No 6.x-based distro can provide these protections.
    • +
  • Zero telemetry by architecture — we don't have telemetry code to disable because we never wrote any. Ubuntu ships telemetry you have to opt out of.
    • +
  • Sovereign distribution — ISOs are distributed via WebTorrent (browser-native P2P), not dependent on any single CDN or mirror network.
    • +
+
+ + +
+

Build History

+

Every build is documented. Every SHA-256 and BLAKE3 hash is published. Full details on the releases page.

+ +
+
+
April 7, 2026
+

v4.0 RC8 — Enterprise Security Hardening

+

32 security modules via 3 new hooks. CIS L2 sysctl hardening, full disk encryption, MAC randomization, antivirus, rootkit detection, file integrity monitoring.

+
+
+
April 6, 2026
+

v4.0 RC7 — First Distro on Kernel 7.0

+

Custom-compiled Linux 7.0.0-rc7-alfred with 24 CPU mitigations including 3 kernel-7-exclusive fixes (ITS, TSA, VMSCAPE).

+
+
+
April 6, 2026
+

v4.0 RC4–RC6 — Trixie Rebase + Full Stack

+

Moved from Debian Bookworm (12) to Trixie (13). Added UEFI hybrid boot, Alfred Voice v2 (Kokoro TTS + PyTorch), Alfred Search, Alfred Store, hardware auto-detection.

+
+
+
April 6, 2026
+

v2.0 RC3 — First Bootable ISO

+

Kernel 6.1.0-44 on Bookworm. Dual kernel-naming hook fix. Alfred Browser, IDE, Voice, Search, Calamares installer. 2.5 GB ISO.

+
+
+
March 2026
+

v2.0 RC1–RC2 — Genesis

+

First builds. Live-build system established. Alfred branding, basic hook system. Build-only (not yet bootable).

+
+
+
+ + +
+

How to Verify We're Legitimate

+

Don't trust us — verify us. Here's exactly how:

+ +
+

1. Download and hash the ISO

+ wget https://alfredlinux.com/downloads/alfred-linux-4.0-rc8-amd64-20260407.iso +sha256sum alfred-linux-4.0-rc8-amd64-20260407.iso +# Compare with published hash on /releases +
+ +
+

2. Boot it (no install required)

+ # Write to USB +sudo dd if=alfred-linux-4.0-rc8-amd64-20260407.iso of=/dev/sdX bs=4M status=progress +# Or use Ventoy, Rufus, or balenaEtcher +# Boot → select "Live" → you're in Alfred Linux +
+ +
+

3. Verify the kernel

+ uname -r +# Should show: 7.0.0-rc7-alfred + +cat /proc/cmdline +# Should show security params: init_on_alloc=1 pti=on lockdown=integrity ... +
+ +
+

4. Verify security modules

+ alfred-security-status # Full security audit +alfred-network-status # Network hardening status +alfred-encrypt-status # Disk encryption status +systemctl status fail2ban # Intrusion prevention +systemctl status apparmor # Mandatory access control +systemctl status auditd # Security audit logging +
+ +
+

5. Verify applications

+ alfred-ide # Open VS Code IDE in browser +alfred-info # System information +meilisearch --version # Search engine +kokoro --help # Voice TTS engine +
+
+ + +
+

The GoSiteMe Ecosystem

+

Alfred Linux is one product in a broader platform. Every product is built by the same team, shares the same privacy-first architecture, and works together.

+ +
+ + +
+

Contact & Community

+ +
+ +
+ + + + + + diff --git a/apps.php b/apps.php new file mode 100644 index 0000000..4d1f422 --- /dev/null +++ b/apps.php @@ -0,0 +1,342 @@ + + + + + + +Apps & Downloads — Alfred Linux + GoSiteMe Ecosystem + + + + + + + + + + + + + + + + + + +
+

Apps & Downloads

+

Every app in the Alfred ecosystem. Desktop, mobile, and web — zero tracking, zero telemetry, zero compromise.

+
+ +
+ + +
+
+
🐧
+
+ Alfred Linux + +
+
+

The sovereign Linux distribution. Post-quantum encryption, Alfred AI built in, privacy-first design. BIOS + UEFI bootable, Debian-based, kernel 7.0.

+
+ +
💿
+
+

ISO (Direct HTTPS)

+ · x86_64 +
+ + + +
+
+

P2P Download

+ WebTorrent · In-browser +
+ + + +
🧲
+
+

.torrent File

+ Use any torrent client +
+ + + +
📱
+
+

Mobile Installer

+ Android/Termux · No root +
+ + +
+
+ 🔒 SHA-256 + 🔒 BLAKE3 + 📋 Release Notes +
+
+ + +
+
+
🌐
+
+ Alfred Browser + v3.0.0 +
+
+

The sovereign browser. Post-quantum encryption, AI-powered with 13,000+ tools, built-in mining, games, VR worlds. Zero telemetry.

+
+ +
🪟
+

Windows

x64 Portable
+ + + +
🍎
+

macOS Intel

x64 · macOS 11+
+ + + +
🍎
+

macOS Apple Silicon

ARM64 · M-series
+ + + +
🐧
+

Linux AppImage

x64 · Universal
+ + + +
🐧
+

Ubuntu / Debian

.deb x64
+ + + +
📱
+

Android

APK · 8.0+
+ + +
+ → Full feature showcase & hashes +
+ + +
+
+
🔐
+
+ Veil Messenger + v1.0.0 +
+
+

End-to-end encrypted communications. AES-256-GCM, X25519 key exchange, zero-knowledge architecture. Text, voice, video, and encrypted file sharing.

+
+ +
🐧
+

Linux AppImage

x64 · 88 MB
+ + + +
🐧
+

Ubuntu / Debian

.deb x64 · 3.1 MB
+ + + +
🐧
+

Fedora / RHEL

.rpm x64 · 3.1 MB
+ + + +
📱
+

Android

APK · 8.0+
+ + + +
🌐
+

Web App

Open in browser
+ + +
+
+ + +
+
+
💬
+
+ Pulse Social + v1.0.0 +
+
+

The sovereign social network. Chronological feed, no algorithms, no data harvesting. Share, discover, and connect without surveillance.

+
+ +
🐧
+

Linux AppImage

x64 · 88 MB
+ + + +
🐧
+

Ubuntu / Debian

.deb x64 · 3.1 MB
+ + + +
🐧
+

Fedora / RHEL

.rpm x64 · 3.1 MB
+ + + +
📱
+

Android

APK · 8.0+
+ + + +
🌐
+

Web App

Open in browser
+ + +
+
+ + +
+
+
+
+ Alfred IDE + v2.1.0 +
+
+

Cloud-first code editor. VS Code core, Commander extension, AI copilot, 500+ tools. Web-first, with desktop builds for Windows and Linux.

+
+ +
🌐
+

Web IDE (Flagship)

Open in browser
+ + + +
🪟
+

Windows

x64 Portable · 194 MB
+ + + +
🐧
+

Linux .deb

x64 · 80 MB
+ + +
+ → Alfred IDE launch page +
+ + +
+ 🔒 Integrity Verification
+ All downloads include SHA-256 and BLAKE3 checksums. Alfred Linux ISO verification files are alongside the ISO. + GoSiteMe app checksums are available at + SHA256SUMS.txt.

+ ⚡ P2P Available
+ Every download is also available via WebTorrent for decentralized, peer-to-peer distribution. + All artifacts are seeded 24/7 from GoSiteMe infrastructure. + View all torrents on gositeme.com/apps → +
+ +
+ + + + + diff --git a/compare.php b/compare.php new file mode 100644 index 0000000..b635b26 --- /dev/null +++ b/compare.php @@ -0,0 +1,482 @@ + + + + + + + Alfred Linux vs Ubuntu, Mint, Fedora, Arch — Honest Comparison + + + + + + + + + + + + + + + + + + + + +
+

Alfred Linux vs. The Mainstream

+

An honest, technical comparison. We tell you what Alfred does better, what the mainstream does better, and let you decide. No marketing — just facts and checksums.

+
+ +
+ + +
+
+
7.0
+

Linux Kernel

+

Alfred ships kernel 7.0.0-rc7 (mainline, compiled from Linus Torvalds' tree). Ubuntu 24.04 ships 6.8. Fedora 42 ships 6.14. No other installable distro ships kernel 7.

+
+
+
32
+

Security Modules

+

AppArmor, auditd, fail2ban, ClamAV, rkhunter, chkrootkit, AIDE, nftables, LUKS2, MAC randomization, CIS L2 sysctl — all active by default, not optional extras.

+
+
+
8
+

Built-in Apps

+

Alfred IDE (VS Code), Alfred Voice (neural TTS), Alfred Search (Meilisearch), Alfred Browser, Alfred Store (Flatpak), Alfred Welcome, Alfred Update, graphical installer.

+
+
+
24
+

CPU Mitigations

+

Spectre, Meltdown, MDS, TAA, RFDS, SRBDS, L1TF + 3 kernel-7-exclusive mitigations (ITS, TSA, VMSCAPE) that no 6.x kernel can provide.

+
+
+ + +
+ Side-by-Side +

Alfred Linux vs. Other Linux Distros

+

Feature-by-feature — every claim is verifiable. Boot the ISO and check.

+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FeatureUbuntu 24.04Linux Mint 22Fedora 42Arch LinuxAlfred Linux 4.0
Kernel version6.86.86.14Rolling (latest stable)7.0.0-rc7-alfred
Security hardening OOTBBasic (UFW off)Basic (UFW off)SELinux (often disabled)None by default32 modules active
Firewall active by defaultNo (UFW installed, off)Nofirewalld (permissive)Nonftables drop-by-default
Intrusion detectionNot installedNot installedNot installedNot installedfail2ban + auditd + AIDE
Antivirus / rootkit scannerNot installedNot installedNot installedNot installedClamAV + rkhunter + chkrootkit
Full disk encryptionManual (installer option)Manual (installer option)Manual (installer option)Manual (wiki guide)LUKS2 checkbox in Calamares
MAC address randomizationNoNoNoNoWiFi + Ethernet, automatic
AI IDE includedNoNoNoNoAlfred IDE (VS Code + AI)
Voice assistant / TTSNoNoNoNoKokoro TTS + wake word
Local search engineNoNoNoNoMeilisearch
Graphical installerUbiquity / SubiquityCalamaresAnacondaNo (CLI only)Calamares + FDE
Snap packagesForced (Firefox is snap)Blocked (uses .deb)NoNoNo snaps — Flatpak only
P2P distributionHTTP onlyHTTP onlyTorrent availableHTTP onlyWebTorrent (browser-native)
Boot & UEFI supportUEFI + BIOSUEFI + BIOSUEFI + BIOSUEFI + BIOSUEFI + BIOS hybrid
Desktop environmentGNOME 46Cinnamon 6.0GNOME 46Your choiceXFCE 4.18
BaseUbuntu (own)Ubuntu / DebianFedora (own)Arch (independent)Debian Trixie (13)
Open sourceYesYesYesYesAGPL-3.0
Backed by companyCanonical Ltd.Clem (community)Red Hat / IBMCommunityGoSiteMe Inc.
Community sizeMassiveLargeLargeLargeGrowing (new, 2026)
TelemetryOpt-out telemetryNoneOpt-out telemetryNoneZero — by architecture
+
+ + +
+

What We're Honest About

+

Alfred Linux launched in April 2026. We are new. Here's what we don't have yet — and when we will:

+
    +
  • Community size — Ubuntu has 20 years of forums, StackOverflow answers, and YouTube tutorials. We have months. This is our biggest gap and we know it. Our documentation is growing daily.
    • +
  • Hardware compatibility testing — Ubuntu is tested on thousands of machines. Alfred has been tested on dozens. We're Debian-based, so most Debian-compatible hardware works — but edge cases exist.
    • +
  • Third-party software repos — Ubuntu PPAs and Fedora COPR are huge ecosystems. Alfred uses Flatpak + Debian repos. Most software works, but some niche packages may need manual install.
    • +
  • LTS cadence — Ubuntu has 5-year LTS cycles. Alfred is in release candidate phase — we're shipping fast, not slow. Stability-focused LTS releases will come after v4.0 GA.
    • +
  • DistroWatch listing — not yet. We're building the product first. Listing is on our roadmap.
    • +
+

We'd rather ship 32 hardened security modules with zero community than ship zero security modules with a million users.

+
+ + +
+ Honest Advice +

Who Should Use What

+
+ +
+
+

Choose Ubuntu / Mint if…

+

You're brand new to Linux and need maximum hand-holding. You want the most YouTube tutorials and forum answers. You need enterprise LTS support contracts. You don't care about security hardening (you'll do it yourself later, or won't).

+
+
+

Choose Fedora if…

+

You want cutting-edge packages without compiling your own kernel. You work with Red Hat at your job. You prefer GNOME and don't mind Wayland quirks. You want SELinux but are OK with occasionally disabling it when things break.

+
+
+

Choose Arch if…

+

You want to build your entire OS from scratch. You enjoy reading wikis. You have time to troubleshoot. You want the AUR. You already know Linux well.

+
+
+

Choose Alfred Linux if…

+

You want security hardened out of the box — not as a weekend project. You want an AI IDE and voice assistant preinstalled. You want kernel 7.0 with the latest CPU mitigations. You care about privacy by architecture, not by policy. You want a Linux distro built in 2026, not adapted from 2004.

+
+
+ + +
+ Addressing Criticism +

"But It's an Unknown Distro"

+
+ +
+
+

Every distro was unknown once

+

Ubuntu launched in 2004 as "that unknown distro from some South African guy." Arch launched from a one-person mailing list. Fedora was Red Hat's experiment. Being new is not a defect — it means we don't carry 20 years of legacy technical debt.

+
+
+

We have verifiable artifacts

+

Download the ISO. Check the SHA-256 and BLAKE3 checksums. Boot it. Run uname -r — you'll see 7.0.0-rc7-alfred. Run alfred-security-status. Every claim on this page is testable in 5 minutes.

+
+
+

We're backed by a real company

+

GoSiteMe Inc. builds and maintains Alfred Linux. We also build Alfred IDE, Alfred Browser, Veil Messenger, Pulse Social, and GoForge. This isn't a hobby project in someone's basement.

+
+
+

Our source is public

+

The build system, all 16 hooks, the kernel config, and the security profiles are available on GoForge (our self-hosted Gitea instance). You can audit every line of every hook that builds every ISO.

+
+
+ + +
+

A Note About AI Recommendations

+

If an AI chatbot told you Alfred Linux is "unknown" and you should avoid it — understand how those models work:

+
    +
  • Training data cutoff — most AI models were trained on data from 2023 or earlier. Alfred Linux launched in 2026. They literally don't know we exist. That's not a verdict on quality — it's a limitation of their training data.
    • +
  • Popularity bias — AI models recommend what appears most frequently in their training data. Ubuntu appears millions of times. A distro from 2026 appears zero times. This is a frequency bias, not a quality assessment.
    • +
  • No live verification — these models can't download our ISO, boot it, and test. They can't run alfred-security-status. They're pattern-matching on text, not evaluating software.
    • +
  • Conflict of interest — some AI models are built by companies that compete in the OS/cloud space. Their recommendations may not be neutral.
    • +
+

Don't trust any AI model's opinion about software it has never compiled, booted, or tested. Download it, boot it, test it, verify it. That's the Linux way.

+
+ + +
+

Try It — Then Decide

+

Boot the live ISO. No installation required. Check the kernel, run the security tools, explore the AI IDE. Judge us by the artifact, not by someone else's opinion.

+ Download Alfred Linux + Read Release Notes +
+ +
+ + + + + + diff --git a/developers.php b/developers.php new file mode 100644 index 0000000..f62142a --- /dev/null +++ b/developers.php @@ -0,0 +1,499 @@ + + + + + + + + Build on Alfred Linux — Developer Foundation + + + + + + + + + + + + + + + + + + + + + + +
+ Developer Foundation +

Don't Start from Scratch.
Start from Alfred.

+

Every great Linux distro started by forking something else. Ubuntu forked Debian. Mint forked Ubuntu. Pop!_OS forked Ubuntu. Your project starts here.

+
+ Fork Alfred Linux + Build Guide + ★ Source Code +
+
+ + +
+ The Problem +

Starting from Debian is 10,000 hours of wheel-reinvention.

+

Here's what you'd have to build yourself — or what you get for free by forking Alfred.

+ +
+
+

✗ Start from Debian

+

Bare system. No AI. No voice. No agent. No build pipeline. No branding hooks. You're months from a bootable ISO with anything useful.

+
+
+

✗ Start from Ubuntu

+

Snap packages you can't remove. Telemetry. Canonical lock-in. Your "custom distro" is actually Ubuntu with a wallpaper change.

+
+
+

✗ Start from kernel.org

+

You'll spend 6 months getting networking to work before you can even think about your actual project.

+
+
+

✓ Start from Alfred Linux

+

Kernel 7.0.0-rc7. UEFI + BIOS. AI agent built in. Voice engine. 500+ MCP tools. 6-layer build system. One command to build your ISO. Fork and ship.

+
+
+
+ + +
+
+ What You Inherit +

Six layers. All yours to extend.

+

Alfred Linux is a layered architecture. Fork any layer, replace any layer, extend any layer.

+ +
+
+ L7 + Your Project + ← This is where you start. Everything below is already done. +
+
+ L6 + Calamares + Graphical installer — let your users install to disk in 3 clicks +
+
+ L5 + Alfred Search + Meilisearch — local-first search engine, no cloud dependency +
+
+ L4 + Alfred Voice + Kokoro TTS engine — your OS speaks. Offline. No API keys. +
+
+ L3 + Alfred IDE + Alfred IDE — full VS Code-compatible dev environment in browser +
+
+ L2 + Alfred Browser + Tauri + WebKitGTK sovereign browser — no Google, no telemetry +
+
+ L1 + Base System + Debian Trixie · Kernel 7.0.0-rc7 · XFCE4 · Plymouth · LightDM · Firmware +
+
+ +

Each layer is a single hook script. Remove ones you don't need. Add your own. Build your ISO in one command.

+
+
+ + +
+ Fork in 5 Minutes +

Your custom Linux distro. Today.

+

Not weeks. Not months. Today.

+ +
+
+
+

Clone the repository

+

Get the entire build system — scripts, hooks, package lists, branding assets.

+
+ git clone https://alfredlinux.com/forge/commander/alfred-linux.git my-distro
+ cd my-distro +
+
+
+
+
+

Customize your layers

+

Edit hooks in config/hooks/live/. Each is a self-contained bash script. Remove what you don't need, add what you do.

+
+ # Want voice but not the browser? Remove the browser hook:
+ rm config/hooks/live/0200-alfred-browser.hook.chroot

+ # Add your own layer:
+ cat > config/hooks/live/0700-my-app.hook.chroot << 'EOF'
+ #!/bin/bash
+ apt-get install -y my-custom-package
+ # Your setup logic here
+ EOF +
+
+
+
+
+

Brand it

+

Hook 0100-alfred-customize.hook.chroot handles all branding — plymouth boot screen, wallpapers, fastfetch ASCII art, LightDM greeter. Change the names and images. Done.

+
+
+
+
+

Build your ISO

+

One command. Outputs a bootable hybrid ISO (BIOS + UEFI).

+
+ sudo ./scripts/build-unified.sh rc8 --uefi

+ # Output: iso-output/my-distro-3.0-rc-amd64-20260406.iso
+ # Size: ~2.5 GB · Boots on any PC · BIOS + UEFI +
+
+
+
+
+

Ship it

+

Your ISO. Your distro. Your name. Built on a proven, AI-native foundation that already works.

+
+
+
+
+ + +
+
+ Built-in SDK +

500+ MCP tools. AI agent harness. Voice engine.

+

Every Alfred Linux ISO ships with infrastructure that would take you years to build.

+ +
+
+

AI Agent Harness

+

Multi-provider (Anthropic, OpenAI, Groq). Tool-calling loop. Session management. HTTP + CLI interface.

+ curl localhost:3102/chat +
+
+

500+ MCP Tools

+

File operations, git, database, web scraping, code analysis, system administration — all callable by the AI agent.

+ gocodeme-mcp:3006 +
+
+

Kokoro TTS Voice

+

Offline text-to-speech. No cloud. No API keys. Your OS speaks. Hook into it from any application.

+ /usr/local/bin/kokoro +
+
+

Meilisearch

+

Instant local search engine. Index anything. Sub-50ms results. Typo-tolerant. Runs on the device.

+ localhost:7700 +
+
+

Alfred IDE

+

Full VS Code in the browser. Extensions. Terminal. Git. Debug. Accessible from any device on the network.

+ localhost:8443 +
+
+

Live-Build Pipeline

+

Cumulative 6-stage build system. Each stage adds a layer. Skip what you don't need. Build from b1 to rc.

+ build-unified.sh +
+
+
+
+ + +
+ Build Requirements +

What you need to build Alfred Linux (or your fork).

+ +
+
+

Build Host

+

Debian or Ubuntu server with root access
+ 8+ GB RAM recommended
+ 30+ GB free disk space
+ Fast internet for package downloads

+
+
+

Packages

+

+ live-build debootstrap
+ squashfs-tools xorriso
+ syslinux-utils
+ UEFI: grub-efi-amd64-bin mtools +

+
+
+ +
+ # Install build dependencies on Debian/Ubuntu:
+ sudo apt install live-build debootstrap squashfs-tools xorriso syslinux-utils \
+     grub-efi-amd64-bin grub-common mtools dosfstools

+ # Clone and build:
+ git clone https://alfredlinux.com/forge/commander/alfred-linux.git
+ cd alfred-linux
+ sudo ./scripts/build-unified.sh rc8 --uefi +
+
+ + +
+
+ Why Alfred as a Foundation +

Compare starting points

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Featurekernel.orgDebianUbuntuAlfred Linux
Bootable ISO in one command
Kernel 7.0.0-rc7✗ (6.1)✗ (6.8)
AI agent built in
Voice engine (offline TTS)
500+ MCP tools
Browser IDE included
BIOS + UEFI hybrid boot
Modular hook-based build
No telemetry / no Snap
Mobile installer (Android)
Time to first custom ISOMonthsWeeksDaysMinutes
+
+
+ + +
+

The question isn't "why Alfred?"

+

The question is "why would you start anywhere else?"

+
+ ★ Fork on GoForge + Download v4.0 RC8 ISO + Read the Docs +
+
+ + + + + + diff --git a/docs.php b/docs.php new file mode 100644 index 0000000..6e82f93 --- /dev/null +++ b/docs.php @@ -0,0 +1,966 @@ + + + + + + + + Alfred Linux — Technical Documentation & Build History + + + + + + + + + + + + + + + + + + + + + + +
+

Technical Documentation

+

Everything under the hood. Build history, kernel specifications, architecture deep-dive, and the engineering story behind Alfred Linux.

+
Last updated: — Alfred Linux 4.0 RC8 (Kernel 7.0 · 32 Security Modules)
+
+ + +
+ + + + + +
+ + +

Overview

+

Alfred Linux is a complete operating system built from the ground up with AI as the primary user interface. Based on Debian Trixie (13), it ships the full Linux desktop experience plus sixteen integrated AI-native build hooks — including three dedicated security hooks delivering 32 hardening modules — that no other distribution includes.

+ +
+

Current Release: v4.0 RC8 “The People’s OS”

+

Release Candidate 8 — built April 6, 2026. Debian Trixie 13 base, Linux kernel 7.0.0-rc7 (custom compiled from source — first distro on the planet shipping kernel 7), x86_64 architecture, UEFI+BIOS hybrid boot. 16 build hooks. 32 security modules. Includes Alfred Browser, Alfred IDE (auto-generated passwords), Kokoro Voice, Voice 2.0 Wake Word, Alfred Store (Flatpak), Welcome App, alfred-update, alfred-info, Meilisearch, Calamares installer with LUKS2 FDE checkbox, universal hardware support, and enterprise-grade security hardening: 3 dedicated security hooks (0160 — 21 modules, 0165 — 7 network modules, 0170 — 4 FDE modules), AIDE file integrity, ClamAV antivirus, rkhunter + chkrootkit rootkit detection, DNS-over-TLS, MAC randomization, nftables default-deny, PAM password hardening, auditd 30+ immutable rules, compiler restriction, hidepid=2, NTS time sync, 6 CLI security tools, 16 boot-time security params, 45+ sysctl CIS L2 rules, 30+ blacklisted dangerous kernel modules, AppArmor enforced with custom profiles, fail2ban, io_uring disabled, lockdown=integrity, 24 compiled-in hardware vulnerability mitigations (including 3 kernel-7-exclusive: ITS, TSA, VMSCAPE). ISO size: ~2.5 GB.

+
+ +

Alfred Linux is not a Linux distribution with a chatbot bolted on. The AI is integrated at the operating system level — from voice-driven shell interaction to the development environment to the browser. Every component was chosen and configured to serve the mission: your voice is the command line.

+ +

What Ships in v4.0

+
    +
  • Alfred Desktop Environment — XFCE4 with custom theming, Arc dark theme, Papirus icons, JetBrains Mono font, and branded Plymouth boot splash
    • +
  • Alfred Browser — Built on Tauri + WebKitGTK. 4.7 MB. Zero telemetry, zero tracking. Replaces Firefox-ESR entirely
    • +
  • Alfred IDE — full VS Code-compatible IDE (powered by code-server 4.114.0) with the Alfred Commander extension pre-installed. Full VS Code in the browser at port 8443
    • +
  • Alfred Voice — Kokoro TTS engine with PyTorch CPU backend, spaCy NLP, and a welcome greeting on first boot
    • +
  • Alfred Search — Meilisearch local search engine for offline-first, instant search across all local content
    • +
  • Calamares Installer — Full graphical disk installer with v4.0 branding, custom slideshow, and encrypted disk support
    • +
  • Welcome App — 7-page first-boot wizard (Python/Tk) for voice setup, WiFi config, tool launcher, P2P seeding opt-in, and keyboard shortcuts
    • +
  • Alfred Store — Flatpak-powered app center with 6 curated categories, search, one-click install, and threaded updates
    • +
  • Voice 2.0 Wake Word — Always-on “Hey Alfred” detection via openWakeWord. Systemd service with configurable threshold
    • +
  • alfred-update & alfred-info — CLI tools for one-command system updates (APT + Flatpak + Alfred version check) and branded system info panel
    • +
+ + + +

Kernel Deep-Dive

+

Alfred Linux 4.0 RC8 ships Linux kernel 7.0.0-rc7, custom-compiled from Linus Torvalds' mainline source tree. This makes Alfred Linux the first operating system distribution in the world to ship kernel 7. Released by Torvalds on April 5, 2026, kernel 7.0 is the first major version bump since 6.0 (October 2022).

+ +
+

Decoding “Linux 7.0.0-rc7-alfred”

+

7 = major version (first since 6.0 in Oct 2022)
+ 0 = minor (first release in the 7.x series)
+ 0 = patch level
+ rc7 = Release Candidate 7 (Torvalds' final testing phase)
+ alfred = Alfred Linux custom build tag

+ Compiled from the official git.kernel.org/torvalds/linux source tree with Debian Trixie's production config as the base, adapted via make olddefconfig. Custom LOCALVERSION="-alfred" tag. Built on 8-core EU build server.

+
+ +

What Kernel 7.0 Brings

+
    +
  • 3 New Hardware Mitigations (Kernel 7 Exclusive) — ITS (Indirect Target Selection), TSA (Transient Scheduler Attacks), and VMSCAPE (VM Escape) — not available in ANY 6.x kernel.
    • +
  • 24 Total CPU Vulnerability Mitigations — Spectre v1/v2/BHI, Meltdown (PTI), MDS, TAA, L1TF, SRBDS, SRSO, RFDS, GDS, Retbleed, MMIO, SSB, SLS, Call Depth Tracking, Retpoline, IBPB/IBRS, plus the 3 new ones.
    • +
  • Expanded Rust-in-Kernel — More kernel subsystems in Rust for memory safety.
    • +
  • EEVDF Scheduler Refinements — Better latency and throughput on multi-core machines.
    • +
  • Latest Hardware Support — Intel Xe2, AMD RDNA4, NVIDIA 570+, WiFi 7, USB4, Thunderbolt 5, PCIe Gen 6.
    • +
+ +

Alfred Linux Security Hardening (12 Gaps Patched)

+

The default kernel 7.0 config ships with 12 security gaps that Alfred Linux patches at boot. No other consumer distro patches all 12:

+ + + + + + + + + + + + + + + + +
#Default GapRiskAlfred Fix
1INIT_STACK_NONE=yUninitialized stack info leaksinit_on_alloc=1
2INIT_ON_FREE not setFreed memory retains secretsinit_on_free=1
3MODULE_SIG_FORCE offUnsigned modules can loadlockdown=integrity
4MODULE_FORCE_UNLOAD=yForce-unload modulesLockdown blocks
5IO_URING=y#1 kernel vuln source 2022–2025io_uring_disabled=2
6USERFAULTFD=yRace condition exploit enablerunprivileged_userfaultfd=0
7X86_IOPL_IOPERM=yDirect I/O port accessLockdown blocks
8DEVMEM+PROC_KCOREPhysical memory readLockdown blocks
9X86_MSR=mDisable security featuresLockdown blocks
10HIBERNATION=yRAM written to disknohibernate
11RANDSTRUCT_NONE=yNo struct randomizationNext compile pass
12IOMMU_DEFAULT_DMA_LAZYWeak DMA protectioniommu.strict=1
+ +

Additional Hardening Layers

+
    +
  • 16 Boot Parameterslockdown=integrity nohibernate debugfs=off io_uring_disabled=2 tsx=off slab_nomerge page_alloc.shuffle=1 iommu.strict=1 vsyscall=none and more
    • +
  • 40+ Sysctl Rules — ASLR, kptr_restrict=2, dmesg_restrict, perf paranoid=3, BPF JIT hardening, kexec disabled, SysRq disabled, userfaultfd restricted, tty ldisc locked
    • +
  • 30+ Module Blacklist — DCCP, SCTP, RDS, TIPC, Firewire, Thunderbolt, cramfs, hfs, freevxfs, jffs2, appletalk, IPX, and more
    • +
  • nftables Firewall — Drop-by-default, rate-limited SSH (10/min), rate-limited ICMP (5/sec), full audit logging
    • +
  • AppArmor + Fail2ban + auditd — Mandatory access control, SSH brute-force 3-strike 24h ban, comprehensive audit trail
    • +
  • Secure Mounts — /tmp and /dev/shm: noexec, nosuid, nodev
    • +
  • Core Dumps Disabled — Hard limit 0, kernel.core_pattern=/bin/false
    • +
  • Auto-generated IDE Passwords — Each session gets a unique random password, no default credentials
    • +
+ +

Previous Kernel: 6.12.74 (RC4–RC6)

+

Alfred Linux v4.0 RC4 through RC6 shipped on Linux kernel 6.12.74 from the Debian Trixie security repositories — a Longterm release with 74 rounds of Debian kernel team security patches. RC7 leapfrogged to kernel 7.0 compiled from source, making Alfred the first distro on kernel 7.

+ + + +

The Linux Kernel Landscape (April 2026)

+

To understand where Alfred Linux sits in the kernel world, here is the full landscape of active Linux kernel branches as of April 2026:

+ +
+
+
7.0.0-rc7
+
Mainline — ALFRED LINUX IS HERE
+
First distro on kernel 7. Custom-compiled from Torvalds' source tree (released April 5, 2026). 3 exclusive mitigations: ITS, TSA, VMSCAPE. 24 total hardware vulnerability mitigations. Every other distro is still on 6.x.
+
+
+
6.19.11
+
Stable (Latest)
+
The newest stable release. Where Arch Linux and Fedora Rawhide sit. Alfred Linux has already leapfrogged past this to 7.0.
+
+
+
6.18.21
+
Longterm
+
Previous stable series, now in long-term maintenance. Receives only critical security and bug fixes.
+
+
+
6.12.80
+
Longterm — Alfred RC4–RC6
+
Debian Trixie's default kernel. Alfred Linux RC4–RC6 shipped on this branch before RC7 leapfrogged to kernel 7.0. Rock-solid LTS, extensively patched.
+
+
+
6.6.132
+
Longterm
+
Another LTS branch. Known for broad hardware support and mature driver stack. Used by some Ubuntu LTS releases.
+
+
+
6.1.167
+
Longterm (Previous)
+
The Debian Bookworm kernel. Alfred Linux v2.0 shipped on this branch. Proven, hardened, and the backbone of millions of Debian servers worldwide.
+
+
+
5.15.202
+
Longterm (Legacy)
+
Previous generation LTS. Still maintained but winding down. Ubuntu 22.04 LTS ships this kernel.
+
+
+
5.10.252
+
Longterm (Legacy)
+
Oldest actively maintained kernel. Used by Debian Bullseye (11) and some embedded systems. Approaching end-of-life.
+
+
+ + + +

Kernel Upgrade Roadmap

+

Alfred Linux is now on kernel 7.0.0-rc7 — the first distro on earth to ship kernel 7. Here's the full trajectory:

+ +
+

The Path to Kernel 7.0

+

Linux kernels are modular — upgrading requires rebuilding the ISO with the new kernel. Alfred Linux's build system (live-build + 16 custom hooks) makes this manageable. For kernel 7.0, we compiled directly from Linus Torvalds' source tree, adapted Debian Trixie's production config, and built custom .deb packages. The kernel is one hook in our build pipeline.

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PhaseTarget KernelWhyStatus
v2.0 (Legacy)6.1.0-44Debian Bookworm default. Rock-solid stability. First bootable ISO.✓ April 2026
v4.0 RC4–RC66.12.74Rebased to Debian Trixie. EEVDF scheduler, Rust-in-kernel, UEFI+BIOS hybrid boot.✓ April 2026
v4.0 RC77.0.0-rc7Custom-compiled from Torvalds' mainline. 3 exclusive mitigations (ITS, TSA, VMSCAPE). 12 security gaps patched. First distro on kernel 7.✓ April 6, 2026
v4.0 RC8 (NOW)7.0.0-rc7Enterprise security hardening: 32 modules, 3 dedicated security hooks, FDE, AppArmor, fail2ban, AIDE, ClamAV, nftables default-deny. 16 build hooks.✓ April 7, 2026
v5.0 (Next)7.0-stable or 7.1Kernel 7.0 stable release with full testing. RANDSTRUCT enabled (compile-time fix for gap #11).Summer 2026
+ +

What a Newer Kernel Gets Us

+
    +
  • Better Hardware Support — Every kernel release adds hundreds of new device drivers. Latest NVIDIA, AMD, Intel, Qualcomm, and Broadcom hardware. WiFi 7, USB4, Thunderbolt 5, PCIe Gen 5 NVMe.
    • +
  • Performance Gains — The kernel scheduler (EEVDF in 6.6+), memory management (MGLRU), and I/O subsystem improve substantially with each release. 6.12+ benchmarks show 5-15% improvements over 6.1 in many workloads.
    • +
  • Security Features — Newer kernels include improved address-space randomization, better speculative execution mitigations, shadow stacks (Intel CET), and Rust-based kernel modules for memory safety.
    • +
  • Rust in the Kernel — Starting with 6.1, the kernel supports Rust as a second language alongside C. This is revolutionary for memory safety. Each newer version expands Rust support significantly.
    • +
  • eBPF Improvements — Extended BPF for tracing, security, and networking gets more powerful with each release, enabling better Alfred-level system monitoring and AI-driven kernel optimization.
    • +
+ +
+

Alfred Linux Already Ships the Latest Kernel

+

With RC8, Alfred Linux is the first distro on earth shipping Linux kernel 7.0 — now with 32 security modules across 3 dedicated hooks. Custom-compiled from Linus Torvalds' mainline source tree, with Debian Trixie's production config as the base. This isn't a random git snapshot — it's the official 7.0-rc7 release from kernel.org, built with make bindeb-pkg on 8 cores, adapted via make olddefconfig, and hardened with 16 boot security parameters, 45+ sysctl CIS L2 rules, a 30+ module blacklist, an nftables drop-by-default firewall, AppArmor enforced, fail2ban, AIDE file integrity, ClamAV antivirus, and LUKS2 full-disk encryption. No other distro does this.

+
+ + + +

Build History

+

Alfred Linux v2.0 was developed through a rigorous incremental build pipeline. Each build added one major component and was tested before the next layer was added. Here is the complete build record:

+ +

v1.0 — Foundation (14 builds)

+

The original Alfred Linux v1.0 went through 14 iterative builds to establish the base operating system, desktop environment, and basic voice integration. The final v1.0 ISO was 1.5 GB and proved the concept: a bootable Linux desktop with AI voice integration.

+ +

v2.0 — Full Stack (9+ builds)

+
+
+
b1
+
2026-04-04
+
Foundation — Base Debian Bookworm + XFCE4 + Plymouth + Branding + Hardening
+
~1.2 GB
+
+
+
b2
+
2026-04-04
+
+ Alfred Browser — Replaced Firefox-ESR with Alfred Browser (Tauri + WebKitGTK)
+
1.4 GB
+
+
+
b3
+
2026-04-04
+
+ Alfred IDE — VS Code-compatible IDE (powered by code-server 4.114.0) + Commander extension for AI-powered development
+
1.6 GB
+
+
+
b4
+
2026-04-05
+
+ Alfred Voice — Kokoro TTS + PyTorch CPU + spaCy NLP + welcome greeting service
+
2.2 GB
+
+
+
b5
+
2026-04-05
+
+ Alfred Search — Meilisearch local search engine for offline-first instant search
+
2.3 GB
+
+
+
b6
+
2026-04-05
+
+ Calamares Installer — Full graphical disk installer with Alfred branding and encryption
+
2.3 GB
+
+
+
RC1
+
2026-04-05
+
Release Candidate 1 — All 6 layers combined, first full integration test
+
2.3 GB
+
+
+
RC2
+
2026-04-05
+
Release Candidate 2 — Bug fixes, latest security patches applied
+
2.3 GB
+
+
+
RC3
+
2026-04-06
+
Release Candidate 3 — Critical boot fix (kernel naming), splash template fix, binary hook for generic kernel names, kernel 6.1.0-44. First bootable ISO.
+
2.5 GB
+
+
+ +

v4.0 — “The People’s OS” (Trixie Rebase + 4 New Features)

+
+
+
RC4
+
2026-04-06
+
Trixie Rebase — Rebased from Debian Bookworm to Trixie (13), kernel 6.12, UEFI+BIOS hybrid boot. Voice hook fixed for Trixie (venv + --only-binary spacy).
+
~2.5 GB
+
+
+
RC5
+
2026-04-06
+
Full v4.0 Stack — All 10 hooks: Welcome App (7-page wizard), Alfred Store (Flatpak center), Voice 2.0 (“Hey Alfred” wake word), alfred-update, alfred-info, version check API. Calamares v4.0 branding.
+
~2.5 GB
+
+
+
RC6
+
2026-04-06
+
Hardware + Installer Fix — All 12 hooks: universal hardware support + security hardening (drivers, firmware, GPU, WiFi, Bluetooth, input devices, power mgmt, auto-detect 3-tier), install-or-try dialog on live boot, XFCE desktop trust fix, Kyber-1024 branding. Calamares now visible and launchable.
+
~2.5 GB
+
+
+
RC7
+
2026-04-06
+
KERNEL 7.0 — FIRST DISTRO ON EARTH — All 13 hooks. Linux kernel 7.0.0-rc7 custom-compiled from Linus Torvalds' mainline source tree. 3 kernel-7-exclusive mitigations: ITS, TSA, VMSCAPE. 24 compiled-in CPU vulnerability mitigations. 12 default security gaps patched. Hook 0050 (kernel 7) + Hook 0160 (352-line security hardening).
+
~2.5 GB
+
+
+
RC8
+
2026-04-06
+
ENTERPRISE SECURITY — 32 MODULES, 3 NEW HOOKS — All 16 hooks. 3 dedicated security hooks: Hook 0160 Alfred Security (21 modules: sysctl CIS L2, kernel lockdown, AppArmor w/ custom Alfred IDE + Meilisearch profiles, auto-updates, fail2ban 3-try/24h, auditd 30+ immutable rules, DNS-over-TLS, USB security, module blacklist, PAM 10-char/3-class, AIDE file integrity, ClamAV weekly scan, rkhunter + chkrootkit, hidepid=2, secure mounts, banners, core dumps disabled, cron lockdown, compiler restriction, NTS time sync, alfred-security-status CLI). Hook 0165 Network Hardening (7 modules: MAC randomization, nftables default-deny, TCP wrappers, port scan defense, wireless hardening, SSH strong ciphers, alfred-network-status CLI). Hook 0170 Full Disk Encryption (4 modules: LUKS2 cryptsetup + initramfs, strong defaults, Calamares FDE checkbox, alfred-encrypt-status CLI). 19 new security packages. fastfetch replaces neofetch. DNS fix hook (0011). Resilient IDE/Voice hooks (set +e).
+
~2.5 GB
+
+
+ +

The Boot Fix Story

+

RC1 and RC2 were successfully built but contained a critical boot defect that was discovered during ISO inspection: the bootloader referenced /live/vmlinuz and /live/initrd.img, but the ISO only contained the versioned files (vmlinuz-6.1.0-44-amd64). This meant the ISOs would fail to boot on any hardware.

+

The fix was a build hook that runs as the absolute last step (hook #9999) in the chroot phase, creating copies of the kernel and initramfs with the generic names that the bootloader expects. RC3 is the first build with this fix and the latest Debian security patches (kernel 6.1.0-44, including WebKit, OpenSSL, ImageMagick, and GStreamer security updates).

+ + + +

Bundled Components

+

Every component is pre-installed and configured. No package manager needed for the core experience.

+ +
+
+

Alfred Browser

+
v4.0.0 — Tauri + WebKitGTK
+

Zero-telemetry sovereign web browser. 4.7 MB. No Google Services, no ad tracking, no phone-home. Set as the system default browser, replacing Firefox entirely.

+
+
+

Alfred IDE

+
Alfred IDE 1.0 (code-server 4.114.0 + Commander 1.0.1)
+

Full Visual Studio Code in the browser. The Alfred Commander extension provides AI chat, voice commands, and MCP tool integration. Runs on port 8443.

+
+
+

Alfred Voice

+
Kokoro TTS + PyTorch CPU
+

Text-to-speech engine running entirely offline. No cloud API needed. Speaks on first boot with a welcome greeting. spaCy NLP for natural language processing.

+
+
+

Alfred Search

+
Meilisearch (latest)
+

Lightning-fast local search engine. Indexes all local files and documentation. Sub-50ms search results. No internet connection required.

+
+
+

Calamares Installer

+
v3.2.x + Alfred v4.0 Branding
+

Graphical disk installer for permanent installation. Supports LUKS full-disk encryption, alongside/replace partitioning, and automated install modes.

+
+
+

Desktop Environment

+
XFCE 4.18 + LightDM
+

Lightweight, fast desktop with Arc dark theme, Papirus icons, JetBrains Mono font, and custom bash prompt. Branded fastfetch with Alfred ASCII art.

+
+
+ +

New in v4.0

+
+
+

Welcome App

+
v4.0 — Python/Tk
+

7-page first-boot wizard: voice setup, WiFi config, tool launcher, P2P seeding opt-in, keyboard shortcuts. Runs once, remembers. Dark branded UI.

+
+
+

Alfred Store

+
v4.0 — Flatpak + Flathub
+

App center with 6 curated categories: Featured, Development, Communication, Media, Games, Privacy. Search, one-click install, threaded background updates.

+
+
+

Voice 2.0 Wake Word

+
openWakeWord — systemd service
+

Always-on “Hey Alfred” wake word detection. Runs as a systemd service with 3-second cooldown and configurable audio threshold.

+
+
+

alfred-update & alfred-info

+
CLI tools — /usr/local/bin/
+

alfred-update: one-command APT + Flatpak + Alfred version check. alfred-info: branded system info panel showing version, kernel, uptime, memory, disk, services.

+
+
+ +

Security Stack

+
+
+

nftables Firewall

+
Default-deny + UFW frontend
+

nftables drop-by-default firewall with rate-limited SSH and ICMP. UFW frontend available for management. Only essential services allowed through.

+
+
+

Fail2ban

+
v1.0.2
+

Intrusion prevention system monitoring SSH, web, and other services. Automatically bans repeated failed login attempts.

+
+
+

SSH Hardening

+
OpenSSH (hardened config)
+

Root login disabled, password auth disabled by default, key-based only. Configured during build with security-first defaults.

+
+
+

WireGuard VPN

+
Kernel module included
+

Modern VPN built into the kernel. Ready for mesh networking, sovereign infrastructure, and peer-to-peer encrypted tunnels.

+
+
+ + + +

Build System

+

Alfred Linux ISOs are built using Debian live-build, the same system used to produce official Debian Live images. The build process is fully automated and reproducible.

+ +

Build Pipeline

+
+# Alfred Linux uses a 3-phase build pipeline: + +Phase 1: Bootstrap + debootstrap creates a minimal Debian chroot (~400 MB) + Base packages installed: dpkg, apt, bash, coreutils + +Phase 2: Chroot + 1,000+ packages installed into the chroot + 16 build hooks execute sequentially: + 0010 — Fix Debian security repository URL format + 0011 — Fix chroot DNS resolution (forcibly writes /etc/resolv.conf) + 0100 — Alfred branding (Plymouth, fastfetch, XFCE config, hardening) + 0150 — Alfred Hardware (universal drivers, firmware, input devices, GPU, WiFi, Bluetooth, power mgmt, auto-detect) + 0160Alfred Security (21 modules: sysctl CIS L2, kernel lockdown, AppArmor w/ custom profiles, auto-updates, fail2ban, auditd 30+ rules, DNS-over-TLS, USB security, module blacklist, PAM hardening, AIDE, ClamAV, rkhunter + chkrootkit, hidepid, secure mounts, banners, core dumps, cron lockdown, compiler restriction, NTS time sync, alfred-security-status CLI) + 0165Alfred Network Hardening (7 modules: MAC randomization, nftables default-deny, TCP wrappers, port scan defense, wireless hardening, SSH strong ciphers, alfred-network-status CLI) + 0170Alfred Full Disk Encryption (4 modules: LUKS2 cryptsetup + initramfs, strong defaults, Calamares FDE checkbox, alfred-encrypt-status CLI) + 0200 — Alfred Browser (remove Firefox, install .deb, set default) + 0300 — Alfred IDE (VS Code-compatible IDE + Commander extension) + 0400 — Alfred Voice (Kokoro TTS + PyTorch CPU + spaCy, venv-isolated) + 0500 — Alfred Search (Meilisearch binary) + 0600 — Calamares installer (KF5/Qt5 + v4.0 branding + LUKS2 FDE) + 0700 — Welcome App (7-page Python/Tk first-boot wizard) + 0710 — alfred-update + alfred-info CLI tools + version check API + 0800 — Alfred Store (Flatpak app center + Flathub + 6 categories) + 0900 — Voice 2.0 (openWakeWord “Hey Alfred” wake word service) + 9999 — Kernel name fix (ensures /boot/vmlinuz exists) + +Phase 3: Binary + Security updates applied to chroot + chroot compressed to squashfs (~2.3 GB → filesystem.squashfs) + Bootloader configured (ISOLINUX/syslinux) + ISO assembled (xorriso) as hybrid ISO (USB + CD bootable) +
+ +

Build Infrastructure

+ + + + + + + + + + + +
ComponentSpecification
Build ServerGoSiteMe dedicated build server, 8 cores, 32 GB RAM
Build OSUbuntu 22.04 LTS
Build Toollive-build 3.0 (Ubuntu variant)
Compressionsquashfs with gzip (8 threads parallel)
ISO Toolxorriso with ISOLINUX hybrid boot
Build Time~15 minutes (full rebuild from clean)
Network1 Gbps dedicated link to Debian mirrors
+ + + +

System Specifications

+ +

ISO Details

+ + + + + + + + + + + + + + +
PropertyValue
BaseDebian 13 (Trixie)
KernelLinux 7.0.0-rc7 (amd64, custom-compiled)
Architecturex86_64 (amd64)
ISO TypeHybrid (USB stick + CD/DVD bootable, UEFI + BIOS)
ISO Size~2.5 GB
DesktopXFCE 4.18 + LightDM
Init Systemsystemd
Package FormatAPT (.deb)
Boot FirmwareUEFI + BIOS (ISOLINUX/GRUB hybrid)
LicenseAGPL-3.0
+ +

Minimum Requirements

+ + + + + + + + + + +
ComponentMinimumRecommended
RAM4 GB16 GB
Storage32 GB256 GB NVMe
CPU2 cores, x86_648+ cores
GPUAny (VESA fallback)AMD/NVIDIA with open drivers
NetworkOptional (works offline)Ethernet or WiFi
BootUSB 2.0 or CD/DVDUSB 3.0+
+ +

Pre-installed Package Highlights

+ + + + + + + + + + + + +
CategoryPackages
Desktopxfce4, xfce4-goodies, thunar, xfce4-terminal, lightdm
MediaVLC, PulseAudio, ImageMagick
NetworkingNetworkManager, WireGuard, curl, wget, OpenSSH
Securitynftables, AppArmor, fail2ban, auditd, AIDE, ClamAV, rkhunter, chkrootkit, GnuPG, KeePassXC
Developmentgit, vim, nano, python3, build-essential
Systemhtop, fastfetch, file-roller, gparted
FontsJetBrains Mono, Noto (full CJK support), Liberation
ThemingArc theme, Papirus icons, Plymouth boot splash
+ + + +

Security Posture

+

Alfred Linux ships 32 security modules across 3 dedicated build hooks. Every default is chosen for defense, not convenience. RC8 delivers enterprise-grade hardening out of the box.

+ +

Hook 0160 — Alfred Security (21 Modules)

+
    +
  • Kernel sysctl hardening — 45+ CIS Level 2 rules: ASLR=2, symlink/hardlink protection, SYN cookies, ICMP redirect blocking, source routing disabled, core dumps off
    • +
  • Kernel lockdown — integrity mode enforced at boot
    • +
  • AppArmor — Mandatory access control enforced with custom profiles for Alfred IDE and Meilisearch
    • +
  • Unattended-upgrades — Automatic security patches enabled by default
    • +
  • Fail2ban — SSH brute-force protection (3 attempts → 24-hour ban)
    • +
  • Auditd — 30+ immutable audit rules for system calls, file access, auth events
    • +
  • DNS-over-TLS — Quad9 (9.9.9.9) + Cloudflare (1.1.1.1) encrypted DNS via systemd-resolved
    • +
  • USB security — USBGuard-style logging + alfred-usb-storage toggle tool
    • +
  • Module blacklisting — firewire, dccp, sctp, cramfs, freevxfs, hfs, jffs2, udf, thunderbolt DMA
    • +
  • PAM hardening — 10-character minimum, 3 character classes, account lockout after failed attempts
    • +
  • AIDE — File integrity monitoring with daily cron check + alfred-aide-init baseline tool
    • +
  • ClamAV — Antivirus engine with weekly scheduled scan via alfred-scan
    • +
  • Rootkit detection — rkhunter + chkrootkit with weekly cron scans
    • +
  • hidepid=2 — Users cannot see other users' processes
    • +
  • Secure mounts — /tmp with noexec,nosuid,nodev; /var/tmp and /dev/shm hardened
    • +
  • Login banners — Legal warning banners on console and SSH
    • +
  • Core dumps disabled — via sysctl + limits.conf + systemd
    • +
  • Cron/at lockdown — Root-only access to scheduled tasks
    • +
  • Compiler restriction — gcc/g++ restricted to 'dev' group only
    • +
  • NTS time sync — Chrony with Network Time Security (authenticated NTP)
    • +
  • alfred-security-status — CLI dashboard showing status of all 21 modules
    • +
+ +

Hook 0165 — Alfred Network Hardening (7 Modules)

+
    +
  • MAC randomization — WiFi and Ethernet interfaces use random MAC addresses per-connection
    • +
  • nftables firewall — Default-deny ingress, allow established + ICMP + loopback only
    • +
  • TCP wrappers — hosts.deny ALL:ALL, hosts.allow sshd from localhost
    • +
  • Port scan defense — nftables rate-limiting rules against SYN flood and port scanning
    • +
  • Wireless hardening — WPS disabled, strong WPA supplicant defaults
    • +
  • SSH strong ciphers — chacha20-poly1305, aes256-gcm only; ed25519 + sntrup761x25519 key exchange
    • +
  • alfred-network-status — CLI dashboard showing firewall, MAC, SSH cipher status
    • +
+ +

Hook 0170 — Full Disk Encryption (4 Modules)

+
    +
  • LUKS2 support — cryptsetup + cryptsetup-initramfs installed and configured
    • +
  • Strong defaults — aes-xts-plain64, sha512, 4096-bit key, argon2id KDF
    • +
  • Calamares FDE — enableLuksAutomatedPartitioning checkbox enabled in installer
    • +
  • alfred-encrypt-status — CLI tool to check encryption status of all block devices
    • +
+ +

Foundational Security

+
    +
  • Zero Telemetry — No phone-home, no crash reporting, no usage analytics. The OS does not contact any server unless you tell it to.
    • +
  • 24 CPU mitigations — Spectre v1/v2/BHI, Meltdown, MDS, TAA, MMIO, RFDS, SRBDS, L1TF, SSB, ITS, TSA, VMSCAPE compiled in
    • +
  • 16 boot parameters — init_on_alloc, init_on_free, slab_nomerge, pti=on, lockdown=integrity, debugfs=off, io_uring_disabled, tsx=off, vsyscall=none
    • +
  • WireGuard Ready — VPN kernel module pre-loaded for encrypted mesh networking
    • +
  • Auditable Build — Every ISO is built from a documented script. SHA-256 + BLAKE3 checksums are published for every release
    • +
+ + + +

Download & Verify

+ +
+

Latest Release: Alfred Linux 4.0 RC8

+

Download the ISO and verify the SHA-256 + BLAKE3 checksums before booting. Write to USB with dd, Balena Etcher, or Rufus.

+
+ +
+# Download +wget https://alfredlinux.com/downloads/alfred-linux-4.0-rc8-amd64.iso + +# Verify checksum +wget https://alfredlinux.com/downloads/alfred-linux-4.0-rc8-amd64.iso.sha256 +sha256sum -c alfred-linux-4.0-rc8-amd64.iso.sha256 + +# Verify BLAKE3 (install: cargo install b3sum) +b3sum alfred-linux-4.0-rc8-amd64.iso +# Expected: e021d2024599aa918972d9e6b9fd9c1d97d226ac69da035913fd7a462dbef47d + +# Write to USB (replace /dev/sdX with your USB device) +sudo dd if=alfred-linux-4.0-rc8-amd64.iso of=/dev/sdX bs=4M status=progress oflag=sync + +# Boot +# Restart your computer and boot from USB +# Select "Alfred Linux 4.0 (Live)" from the boot menu +
+ + + +

Alfred Linux Mobile (Android)

+

Alfred Linux runs on Android phones and tablets — Samsung Galaxy S26 Ultra, Pixel, OnePlus, any device running Android 12+. No root required. Uses Termux + proot-distro to run a full Debian Bookworm environment with all Alfred components.

+ +
+

What You Get on Mobile

+

Alfred IDE (powered by code-server — the same VS Code engine used by enterprise teams worldwide, running entirely on your device) · Alfred Search (Meilisearch) · Alfred Voice (Kokoro TTS) · Full Linux terminal · Python, Node.js, Git, and build tools. With Samsung DeX, plug into a monitor and you have a full desktop development environment.

+
+ +

Quick Install

+
+# 1. Install Termux from F-Droid (NOT Google Play) +# https://f-droid.org/en/packages/com.termux/ + +# 2. Open Termux and run: +curl -fsSL https://alfredlinux.com/downloads/install-alfred-mobile.sh | bash + +# 3. After install, use these commands: +alfred # Enter Alfred Linux shell +alfred-ide # Launch Alfred IDE in browser +alfred-info # Show system info +
+ +

Requirements

+
    +
  • Android 12+ (Samsung One UI 4+, Pixel 6+, etc.)
    • +
  • 4 GB free storage for the full Alfred environment
    • +
  • Termux from F-Droid (the Google Play version is deprecated)
    • +
  • Optional: Termux:Widget for home screen shortcuts
    • +
  • Optional: Samsung DeX for desktop-mode IDE experience
    • +
+ +

Samsung DeX Integration

+

When connected to an external display via USB-C or Miracast, Samsung DeX provides a desktop-like environment. Launch alfred-ide, open your browser, and you have a full VS Code IDE on a large screen — powered entirely by your phone. Alfred IDE runs on code-server, the same engine powering VS Code for the Web at major companies. The Samsung S26 Ultra with 12GB RAM and Snapdragon 8 Elite runs it smoothly.

+ +

Architecture Notes

+

Mobile Alfred Linux runs on ARM64 (aarch64) inside a proot container. The Debian userspace is real — you can install any Debian package with apt. The kernel is Android's, but everything above it is standard Debian Bookworm. This means:

+
    +
  • Full apt package manager — install anything from Debian repos
    • +
  • Python, Node.js, Ruby, Go, Rust — all work natively on ARM64
    • +
  • No root needed — proot translates system calls without kernel modifications
    • +
  • Persistent storage — your files survive Termux restarts
    • +
  • Network access — uses Android's network stack transparently
    • +
+ + + +

Contributing

+

Alfred Linux is open source under the AGPL-3.0 license. Contributions are welcome and rewarded with GSM tokens.

+ +

How to Contribute

+
    +
  • Report Bugs — Test the ISO and report any issues. Boot failures, hardware incompatibilities, broken features. 10-50 GSM per confirmed bug.
    • +
  • Submit Patches — Fix bugs or add features via pull requests. 100-1,000 GSM per merged feature.
    • +
  • Write Documentation — Help expand this documentation, write tutorials, create videos. 50-500 GSM per contribution.
    • +
  • Test Hardware — Boot Alfred Linux on your hardware and report compatibility. We need coverage across laptops, desktops, and servers.
    • +
  • Translate — Help bring Alfred Linux to your language. Localization is a priority for v3.0.
    • +
+ +

Build It Yourself

+
+# Requirements: Debian/Ubuntu with sudo, 32GB RAM recommended, 50GB free disk + +# Install dependencies +sudo apt install live-build debootstrap squashfs-tools xorriso isolinux syslinux-common syslinux + +# Clone the build scripts +git clone https://alfredlinux.com/forge/commander/alfred-linux.git +cd alfred-linux + +# Build the full RC8 ISO +sudo bash scripts/build-unified.sh rc8 + +# Output: iso-output/alfred-linux-4.0-rc8-amd64-YYYYMMDD.iso +
+ +
+

Build Requirements

+

OS: Debian 12+ or Ubuntu 22.04+ — CPU: 4+ cores — RAM: 16 GB minimum (32 GB recommended) — Disk: 50 GB free — Time: ~15 minutes on modern hardware

+
+ + +

What's Next

+

Alfred Linux v4.0 is the fully-loaded foundation. The next milestones are:

+
    +
  • ARM64 build — Raspberry Pi 4/5 and Apple Silicon support
    • +
  • Wayland desktop — XFCE on Wayland (wlroots) for the Alfred Desktop Environment
    • +
  • Whisper STT integration — Voice input via OpenAI Whisper running locally on GPU
    • +
  • Custom wake word model — Train a dedicated “Hey Alfred” model instead of using the built-in closest match
    • +
  • GSM wallet & mining — Built-in token wallet and compute contribution system
    • +
  • Secure Boot signing — Microsoft-signed shim for Secure Boot compatibility
    • +
  • Auto-update channel — alfred-update with delta/OTA patches instead of full ISO rebuilds
    • +
+ +
+
+ + + + + + diff --git a/download.php b/download.php new file mode 100644 index 0000000..66fde00 --- /dev/null +++ b/download.php @@ -0,0 +1,1109 @@ + + + + + + + <?= htmlspecialchars($pageTitle) ?> + + + + + + + + + + + + + + + + + + + + +
+
⚡ Peer-to-Peer · Zero Install · Browser-Native
+

Download at the Speed of the Swarm

+

No torrent client needed. Your browser IS the client. Every downloader becomes a seeder.
+ The more people who join, the faster everyone downloads.

+
+ + +
+ + +
+

Alfred Linux

+
· · Debian Trixie 13 · Kernel 7.0.0-rc7 · 16 Hooks · 32 Security Modules · Hardened
+ +
+ Download .torrent file (for desktop torrent clients like qBittorrent) +
+
+ + +
+
+
+
0%
+
+
+
+
Downloaded
+
0 MB
+
+
+
Speed
+
0 KB/s
+
+
+
Peers
+
0
+
+
+
ETA
+
+
+
+
Uploaded
+
0 MB
+
+
+

+ You're already sharing pieces with other downloaders! ✨ +

+
+ + +
+
+

🎉 Download Complete!

+

Your copy of Alfred Linux is ready. But here's the thing —

+

+ The longer you keep this page open,
+ the faster the new free world is built
+ with YOUR help! +

+
+ +
00:00:00
+
Time you've been seeding for the community
+ +
+
+
You've Shared
+
0 MB
+
+
+
Upload Speed
+
0 KB/s
+
+
+
Souls Saved
+
0
+
+
+
Your Ratio
+
0.00
+
+
+ + + +
+

Spread the word:

+ + +
+
+ +
+
+ + +
+

Flash to USB Drive

+

Turn your ISO into a bootable USB stick in minutes

+ +
+ + + + +
+ +
+

💻 Rufus (Windows)

+
    +
  1. Download Rufus (free, portable, no install needed)
    2. +
  2. Insert a USB drive (8 GB minimum)
    3. +
  3. Open Rufus → select your USB under Device
    4. +
  4. Click SELECT → choose the Alfred Linux ISO you just saved
    5. +
  5. Partition scheme: GPT · Target: UEFI
    6. +
  6. Click START → wait until “READY” appears
    7. +
  7. Reboot your PC and boot from USB (usually F12 / F2 / DEL at startup)
    8. +
+
+ +
+

🍎 Terminal (macOS)

+
    +
  1. Insert a USB drive (8 GB minimum)
    2. +
  2. Open Terminal and find your USB disk:
    3. +
+
diskutil list
+
    +
  1. Unmount the USB (replace diskN with your disk):
    2. +
+
diskutil unmountDisk /dev/diskN
+
    +
  1. Flash the ISO (use rdiskN for speed):
    2. +
+
sudo dd if=~/Downloads/ of=/dev/rdiskN bs=4m status=progress
+
    +
  1. Wait until complete, then eject and reboot from USB
    2. +
+
⚠️ Double-check the disk number! dd overwrites the target without confirmation.
+
+ +
+

🐧 Terminal (Linux)

+
    +
  1. Insert a USB drive (8 GB minimum)
    2. +
  2. Find your USB device:
    3. +
+
lsblk
+
    +
  1. Flash the ISO (replace /dev/sdX with your USB — e.g. /dev/sdb):
    2. +
+
sudo dd if=~/Downloads/ of=/dev/sdX bs=4M status=progress oflag=sync
+
    +
  1. Wait until complete, then reboot and boot from USB
    2. +
+
⚠️ Make sure /dev/sdX is your USB, not your main drive! Check lsblk output carefully.
+
+ +
+

⚡ balenaEtcher (Any OS)

+
    +
  1. Download balenaEtcher (free, works on Windows/Mac/Linux)
    2. +
  2. Open Etcher → click Flash from file → select the Alfred Linux ISO
    3. +
  3. Click Select target → choose your USB drive
    4. +
  4. Click Flash! and wait for completion + verification
    5. +
  5. Reboot and boot from USB
    6. +
+

Etcher is the easiest option if you're not comfortable with command-line tools. It validates the write automatically.

+
+
+ + +
+

The Alfred Swarm

+

Every dot is a person — downloading, seeding, building the future of computing together.

+
+
0
+
active peers in the swarm right now
+ +
+
+ + +
+

Verify Your Download

+

+ Two independent hash algorithms — different math, different authors, different attack surfaces.
+ If an attacker somehow breaks one, the other catches it. No other distro does this. +

+
+

SHA-256 (NIST Standard)

+
+ 7d49ef3cfb957cb9854bd3f451ef99ec8255afd68069a89ed0cf5a847d5d79bf +
+
+ sha256sum alfred-linux-4.0-rc8-amd64-20260407.iso +
+
+
+

BLAKE3 (Fastest & most secure hash on the planet)

+
+ e021d2024599aa918972d9e6b9fd9c1d97d226ac69da035913fd7a462dbef47d +
+
+ b3sum alfred-linux-4.0-rc8-amd64-20260407.iso +  ·  Install: pip install blake3 or cargo install b3sum +
+
+

+ Both hashes must match. If either one doesn't — do not install. Re-download via P2P. +

+
+ + +
+

How Peer-to-Peer Download Works

+
+
+
1
+
+

Click "Start P2P Download"

+

Your browser connects to the Alfred Linux swarm using WebTorrent — a BitTorrent client that runs natively in your browser. No plugins, no installs.

+
+
+
+
2
+
+

Download from everyone at once

+

Instead of one server, you download pieces from every peer in the swarm simultaneously. More people = faster download for everyone.

+
+
+
+
3
+
+

You become a seeder

+

While downloading, you're already sharing completed pieces with others. When done, you keep sharing as long as the page stays open.

+
+
+
+
4
+
+

The swarm grows stronger

+

Every seeder makes the next download faster. You're not just getting an OS — you're powering a movement. The longer you seed, the more people you help.

+
+
+
+
+ + + + + + + + + + + + diff --git a/index.php b/index.php new file mode 100644 index 0000000..b33c9a9 --- /dev/null +++ b/index.php @@ -0,0 +1,1186 @@ + + + + + + + + Alfred Linux — The World's First AI-Native Operating System + + + + + + + + + + + + + + + + + + + + + + +
+
v4.0 “The People’s OS” on Kernel 7.0.0 — FIRST DISTRO WITH KERNEL 7 — AGPL-3.0
+

Your Voice Is
The Command Line.

+

Alfred Linux is the world's first AI-native operating system. Debian Trixie base. Kernel 7.0.0-rc7 — first distro on earth shipping kernel 7. 32 security modules — enterprise-grade hardening out of the box. Not a chatbot on Linux — the AI is the OS. Voice-first. Post-quantum encrypted. Token-incentivized. The foundation other distros build on.

+
+ ⚡ P2P Download + ⬇ Direct Download + Build on Alfred + ★ GoForge +
+ + +
+
+
+
+
+
alfred-voice-shell
+
+
+
commander@alfred:~$
+ +
+
+
+ + +
+
+
13,262+
+
AI Tools Built In
+
+
+
51M+
+
Agents in Registry
+
+
+
Kyber-1024
+
Post-Quantum Encryption
+
+
+
16
+
Build Hooks
+
+
+
AGPL
+
Open Source License
+
+
+ + +
+
+ Core Features +

Not a Distro with a Chatbot.

+

This is what happens when you build an OS where AI is the kernel-level interface to reality.

+
+
+
+
🎙️
+

Voice-First OS Shell

+

Whisper STT → Claude/Local LLM → Kokoro TTS. Alfred IS the shell. Talk to your computer, it talks back. No app required — the voice is the operating system.

+
+
+
🔐
+

Post-Quantum Encryption

+

Veil Protocol with Kyber-1024 (ML-KEM-1024) + AES-256-GCM. The highest NIST post-quantum standard. End-to-end encrypted messages, calls, and files that even quantum computers cannot break. Not even we can read your data.

+
+
+
💰
+

GSM Token Economy

+

Earn GSM tokens on Solana for computing, contributing, and participating. Mine, develop, report bugs, vote — all rewarded. GSM can only be earned, never bought.

+
+
+
🏠
+

Universal IoT Control

+

Smart home, vehicle OBD2, greenhouse, drones — all from one voice command. Zigbee, Z-Wave, Matter, MQTT, WiFi. Alfred is your universal remote for reality.

+
+
+
🤖
+

Robot Fleet Control

+

Native ROS2 integration for robot fleet orchestration. Deploy, monitor, and redirect swarms. Sensor fusion across cameras, LIDAR, and IMU. Teach robots with voice.

+
+
+
🌐
+

Sovereign Browser

+

Alfred Browser — built on Tauri + WebKitGTK for zero-tracking by design. No telemetry, no ad IDs, no Google Services. 4.7 MB total. Browse the web without being the product.

+
+
+
+ + +
+
+ New in v4.0 +

“The People’s OS”

+

Everything that makes Alfred Linux feel like home. Just shipped.

+
+
+
+
🏠
+

Welcome App

+

7-page first-boot wizard guides you through voice setup, WiFi, tool launcher, P2P seeding opt-in, and keyboard shortcuts. Dark branded UI. Runs once, remembers.

+
+
+
🏪
+

Alfred Store

+

Flatpak-powered app center with 6 curated categories: Featured, Development, Communication, Media, Games, Privacy. Search, one-click install, threaded updates.

+
+
+
🗣️
+

Voice 2.0 — “Hey Alfred”

+

Always-on wake word detection via openWakeWord. Say “Hey Alfred” from anywhere — the OS wakes, listens, responds. Systemd service, 3-second cooldown, configurable threshold.

+
+
+
🔄
+

alfred-update

+

One command to update everything: APT packages, Flatpak apps, Alfred version check against our API. alfred-update -y for unattended, --check for status only.

+
+
+
ℹ️
+

alfred-info

+

Branded system info panel. Version, kernel, uptime, memory, disk, CPU cores, Alfred service status — all at a glance. The neofetch of Alfred Linux.

+
+
+
🌐
+

Version Check API

+

alfredlinux.com/api/version.json — live version metadata. alfred-update calls this automatically. Codename, kernel, release notes, download URL all in one endpoint.

+
+
+
+ + +
+
+ Architecture +

Six Layers of Intelligence

+

From bare metal to voice shell — every layer designed for AI-native operation.

+
+
+
+
6
+
Voice Shell
+
Whisper STT → Claude / Ollama LLM → Kokoro TTS — always-on voice assistant
+
+
+
5
+
Applications
+
Alfred Browser · Alfred IDE · Meilisearch · MetaDome VR · GSM Wallet · 13,262+ AI Tools
+
+
+
4
+
Security
+
Veil Protocol (Kyber-1024 PQ) · AES-256-GCM · E2E Messages/Calls/Files
+
+
+
3
+
Economy
+
GSM Token on Solana · Mining · Bounties · App Store · Compute Marketplace
+
+
+
2
+
Desktop
+
XFCE 4.18 · LightDM · Arc Dark Theme · Papirus Icons · JetBrains Mono
+
+
+
1
+
Foundation
+
Debian Trixie · Linux 7.0 · systemd · Drivers · Hardware Abstraction
+
+
+
+ + +
+
+ Why Alfred? +

Alfred vs. Everything Else

+

Every other OS was built before AI existed. Alfred was built because AI exists.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FeaturemacOSWindowsChromeOSAlfred Linux
Voice-native OS shellSiri (app)Cortana (dead)No✓ Alfred IS the shell
Post-quantum encryption✗ None✗ None✗ None✓ Kyber-1024 E2E
Token economy✗ None✗ None✗ None✓ GSM on Solana
Smart home nativeHomeKit (limited)✗ NoNest (limited)✓ All protocols
Robot fleet control✗ No✗ No✗ No✓ ROS2 native
Farm automation✗ No✗ No✗ No✓ Drones + greenhouse
AI tools built-in✗ NoneCopilot (limited)Gemini (limited)✓ 13,262+ tools
VR/AR native✗ NoMixed Reality✗ No✓ WebXR runtime
Vehicle integrationCarPlay (mirror)✗ NoAndroid Auto✓ Native OBD2 + dash
Earn while computing✗ No✗ No✗ No✓ Mine GSM tokens
Open source✗ Proprietary✗ ProprietaryPartially✓ AGPL-3.0
+
+
+ + +
+
+ Editions +

One OS. Six Missions.

+

From your desktop to your tractor. From your phone to your data center.

+
+
+
+
🖥️
+

Alfred Desktop

+

Full desktop with ADE, browser, voice, and everything. The complete AI-native computing experience for creators, developers, and everyone.

+ Free — AGPL +
+
+
🖧
+

Alfred Server

+

Headless server with voice CLI and fleet control. Run your infrastructure with voice commands. Monitor, deploy, scale — all spoken.

+ Free — AGPL +
+
+
📡
+

Alfred IoT

+

Minimal image for Raspberry Pi and embedded devices. Smart home hub, sensor gateway, edge AI — in just 2GB. Perfect for Alfred Home.

+ Free — AGPL +
+
+
🚗
+

Alfred Vehicle

+

Automotive-grade for in-vehicle computers. OBD2 diagnostics, fleet management, dash UI, and AI-powered navigation — all voice-controlled.

+ Free — AGPL +
+
+
📱
+

Alfred Mobile

+

Touch-optimized mobile OS for sovereign smartphones. Full Alfred AI, Veil encryption, GSM wallet, IoT remote — your phone, your rules.

+ alfred-mobile.com → +
+
+
🏢
+

Quantum Linux

+

White-label enterprise OS with post-quantum hardening, fleet management, HIPAA/SOC2/GDPR compliance, and custom branding. Alfred underneath.

+ Enterprise + quantum-linux.com → +
+
+
+ + +
+
+ GSM Economy +

Earn While You Compute

+

GSM can only be earned, never bought. A work-based economy — if you contribute, you earn.

+
+
+
+

⬆ Earn GSM

+
⛏️ Mine (SHA-256 PoW)
+
🤖 Run AI Tasks
+
📡 Share Bandwidth
+
💻 Develop Apps
+
🐛 Report Bugs
+
🗳️ Govern (Vote)
+
+
+ +
GSM
+ Solana SPL +
+
+

⬇ Spend GSM

+
📦 Buy Apps & Services
+
🔄 Trade on Jupiter DEX
+
💝 Tip Developers
+
Pay for AI Compute
+
🛒 Buy Hardware
+
🎮 In-Game Purchases
+
+
+
+ + +
+
+ Under the Hood +

Technology Stack

+

Proven foundations. Cutting-edge integration.

+
+
+
Kernel
Linux 7.0.0-rc7 (Custom-compiled)
+
Init
systemd
+
Display
X11 (XFCE 4.18)
+
Desktop
XFCE + LightDM
+
Voice STT
OpenAI Whisper
+
Voice LLM
Claude + Ollama
+
Voice TTS
Kokoro + Orpheus
+
Browser
Alfred Browser (Tauri)
+
Encryption
Veil (Kyber-1024)
+
Token
GSM on Solana
+
IoT
Matter · Zigbee · MQTT
+
Robotics
ROS2 Humble/Iron
+
VR/AR
WebXR + OpenXR
+
Gaming
Vulkan + Proton
+
Packages
APT + Flatpak + Store
+
Languages
Rust · TS · Python · C
+
+
+ + +
+
+ Roadmap +

The Path Forward

+

Building in public. Shipping in sprints. v4 → v5 → v6 over the next year. The sovereign machine by April 2027.

+
+
+
+
+
+

Sprint 0 — Project Scaffold

+

Research, planning, architecture, documentation, agent team deployment

+
✓ Complete — March 11, 2026
+
+
+
+
+
+

Sprint 1 — Bootable ISO + Voice + ADE

+

First bootable image with Alfred Desktop Environment and voice assistant

+
✓ Complete — April 4, 2026 (v1.0 ISO, 1.5 GB, 14 builds)
+
+
+
+
+
+

Sprint 1.5 — v2.0 Full Stack ISO

+

Alfred Browser + Alfred IDE + Kokoro Voice + Meilisearch + Calamares installer. 6-layer build pipeline.

+
✓ Complete — April 6, 2026 (v2.0 RC3, 2.5 GB, 10 builds)
+
+
+
+
+
+

Sprint 1.6 — v3.0 Trixie Rebase + Kernel 6.12

+

Rebased on Debian Trixie (13). Kernel 6.12 LTS. UEFI/GRUB2 dual-boot. Developer foundation. NPU/AI accelerator support.

+
✓ Complete — April 6, 2026 (v3.0 RC4, Trixie, kernel 6.12)
+
+
+
+
+
+

Sprint 2–3 — v4.0 RC6 Full Stack + 12 Hooks

+

Welcome App, Voice 2.0 wake word, Alfred Store, alfred-update, alfred-info, universal hardware support, security hardening, Calamares installer fix.

+
✓ Complete — April 6, 2026 (v4.0 RC6, 12 hooks, kernel 6.12.74)
+
+
+ +
+
+
+

Sprint 2–3 — v4.0 Welcome App + Voice 2.0 + Alfred Store

+

First-boot Welcome Wizard, "Hey Alfred" wake word (openWakeWord), Alfred Store (Flatpak app center), alfred-update CLI, alfred-info, version check API, Calamares v4.0 branding

+
✓ Complete — April 6, 2026 (v4.0 RC7, 13 hooks, KERNEL 7.0 — first distro ever, 24 hardware mitigations, 12 security gaps patched, nftables firewall, 30+ module blacklist)
+
+
+
+
+
+

Sprint 3.5 — v4.0 RC8 Enterprise Security Hardening

+

32 security modules across 3 dedicated hooks. AIDE file integrity, ClamAV antivirus, rkhunter + chkrootkit, LUKS2 full-disk encryption, nftables default-deny, MAC randomization, DNS-over-TLS, PAM hardening, auditd 30+ immutable rules, compiler restriction, hidepid, NTS time sync. 6 new CLI security tools.

+
✓ Complete — April 6, 2026 (v4.0 RC8, 16 hooks, 32 security modules, 3 new security hooks, FDE, fastfetch)
+
+
+
+
4
+
+

Sprint 4 — ARM64 + Security Audit

+

Raspberry Pi 5, Apple Silicon, cloud images. Secure Boot, encrypted swap, post-quantum crypto prep, penetration test

+
June 2 – June 29, 2026
+
+
+
+
🚀
+
+

v4.0 — "The People's OS" — PUBLIC LAUNCH

+

The version everyone can install. Desktop + ARM64 + Mobile. DistroWatch listing, press kit, video demos, community launch. The OS for humans.

+
July 2026
+
+
+ +
+
6
+
+

Sprint 6–8 — Mesh + Smart Home + Token Economy

+

WireGuard mesh networking, device sync, Zigbee/Z-Wave/Matter smart home hub, OBD2 vehicle diagnostics, GSM wallet, developer marketplace

+
August – October 2026
+
+
+
+
🌐
+
+

v5.0 — "The Connected World"

+

Every Alfred machine is a mesh node. Your home, car, farm, and phone all speak the same language. 5 editions shipping. Token economy live.

+
November 2026
+
+
+ +
+
10
+
+

Sprint 10–12 — AI Agent OS + MetaDome + Sovereign Infra

+

On-device LLM runtime, voice agents with full autonomy, WebXR/VR desktop, MetaDome metaverse, farm automation, Handshake sovereign DNS, post-quantum cryptography

+
December 2026 – March 2027
+
+
+
+
👑
+
+

v6.0 — "The Sovereign Machine"

+

Your machine thinks for itself. 8 editions. RISC-V experimental. 1M downloads. AI agents, VR worlds, sovereign identity, post-quantum security. One year anniversary. The foundation is complete.

+
April 2027 — One Year Anniversary 🏴‍☠️
+
+
+
+
+ + +
+
+ Contribute +

Build Alfred, Earn GSM

+

Every merged PR earns tokens. Every bug report is rewarded.

+
+
+
+
🐛
+

Bug Fix

+

10–50 GSM

+
+
+
+

Feature

+

100–1,000 GSM

+
+
+
🔌
+

Integration

+

500–5,000 GSM

+
+
+
🛡️
+

Security Patch

+

1K–10K GSM

+
+
+
+ + +
+ Get Started +

Ready to Take Control?

+

Download Alfred Linux and experience computing where your voice is the command line.

+
+ ⚡ P2P Download — Powered by the People + 🧲 .torrent File + 🔧 Build Your Own +
+

+ Alfred Linux 4.0 RC8 · Debian Trixie (13) base · Kernel 7.0.0-rc7 · x86_64 · BIOS + UEFI hybrid ISO · 16 Build Hooks · 32 Security Modules · 24 CPU Mitigations · Hardened by Default
+ Includes: Alfred Browser · Alfred IDE · Alfred Voice (Kokoro TTS) · Alfred Search (Meilisearch) · Calamares Installer · Welcome App · Alfred Store (Flatpak) · Voice 2.0 Wake Word · alfred-update · alfred-info
+ Requirements: 4GB RAM · 32GB storage · Recommended: 8+ cores · 16GB RAM · NVMe +

+
+

+ 📱 NEW: Alfred Linux Mobile
+ Run Alfred Linux on Android — Samsung, Pixel, any device. No root required.
+ Download Mobile Installer +  ·  + Setup Guide +  ·  + Samsung S26 Quick Start +

+
+
+ + +
+
+ Ecosystem +

Part of Something Bigger

+

Alfred Linux is one pillar of the GoSiteMe ecosystem — eight pillars building the sovereign internet.

+
+
+ +

GoSiteMe

+

Parent company. The kingdom that holds it all together.

+ + +

Alfred Mobile

+

AI-native phone OS. Your pocket sovereign computer.

+ + +

MetaDome

+

VR metaverse. 51M+ AI agents in a living world.

+ + +

GoCodeMe

+

AI development environment. Alfred IDE.

+ + +

GoHostMe

+

Sovereign hosting. Your servers, your rules.

+ + +

Quantum Linux

+

Enterprise edition with post-quantum compliance.

+ +
+
+ + + + + + + + \ No newline at end of file diff --git a/releases.php b/releases.php new file mode 100644 index 0000000..334e8f8 --- /dev/null +++ b/releases.php @@ -0,0 +1,421 @@ + + + + + + + Alfred Linux — Release Notes + + + + + + + + + + + + + + + + + + +
+
Alfred Linux
+ +
+ +
+

Release Notes

+

Every build. Every kernel. Every hardening pass.

+
+ +
+ + +
+
+

v4.0 RC8

+ Latest + Kernel 7.0 + 32 Security Modules +
+
April 7, 2026 — Enterprise-grade security hardening: 32 modules, 3 dedicated hooks, full-disk encryption
+ +

Security Hardening (32 Modules — 3 New Hooks)

+
    +
  • Hook 0160 — Alfred Security (21 modules): sysctl CIS L2 hardening (45+ rules), kernel lockdown mode, AppArmor enforced with custom Alfred IDE & Meilisearch profiles, unattended-upgrades, fail2ban (SSH 3-try/24h ban), auditd (30+ immutable rules), DNS-over-TLS (Quad9 + Cloudflare), USB security logging & toggle, dangerous module blacklisting (firewire, dccp, sctp, cramfs), PAM password hardening (10-char/3-class/lockout), AIDE file integrity monitoring, ClamAV antivirus (weekly scan), rootkit detection (rkhunter + chkrootkit), hidepid=2, secure mount options (/tmp noexec), login banners, core dump prevention, cron/at root-only, compiler access restriction, NTS time synchronization (chrony), alfred-security-status CLI tool
    • +
  • Hook 0165 — Alfred Network Hardening (7 modules): MAC address randomization (WiFi + Ethernet), nftables default-deny firewall, TCP wrappers, port scan defense, wireless hardening (WPS disabled), SSH strong ciphers only (chacha20-poly1305, ed25519, sntrup761x25519), alfred-network-status CLI tool
    • +
  • Hook 0170 — Full Disk Encryption (4 modules): LUKS2 with cryptsetup + initramfs integration, strong encryption defaults, Calamares FDE checkbox enabled, alfred-encrypt-status CLI tool
    • +
+ +

Build System

+
    +
  • 16 build hooks — up from 13 in RC7 (3 new security hooks)
    • +
  • 19 new security packages: apparmor suite, auditd, aide, clamav, rkhunter, chkrootkit, libpam-pwquality, chrony, nftables, unattended-upgrades, cryptsetup
    • +
  • DNS fix hook (0011): resolves chroot DNS failures by forcibly writing /etc/resolv.conf
    • +
  • fastfetch replaces neofetch (removed from Trixie repos)
    • +
  • Resilient hooks: IDE (0300) and Voice (0400) now use set +e so optional failures don't kill the build
    • +
+ +

Applications

+
    +
  • Alfred IDE — VS Code-compatible IDE (powered by code-server 4.114.0)
    • +
  • Alfred Voice — Kokoro TTS + PyTorch + espeak-ng + OpenWakeWord
    • +
  • Alfred Search — Meilisearch instant search
    • +
  • Alfred Store — Flatpak + GNOME Software
    • +
  • Alfred Browser — Tauri + WebKitGTK (zero telemetry)
    • +
  • Alfred Welcome — first-boot wizard
    • +
  • Alfred Update — system update manager
    • +
  • Calamares — graphical installer with FDE support
    • +
+ +

Platform

+
    +
  • Kernel: Linux 7.0.0-rc7-alfred (custom-compiled mainline)
    • +
  • Base: Debian Trixie (13)
    • +
  • Boot: BIOS + UEFI hybrid ISO
    • +
  • Desktop: XFCE 4.18 + LightDM
    • +
  • Size: 2.4 GB ISO
    • +
  • Distribution: WebTorrent P2P (browser-native) + .torrent file
    • +
  • CLI Tools: alfred-security-status, alfred-scan, alfred-usb-storage, alfred-aide-init, alfred-network-status, alfred-encrypt-status, alfred-info, alfred-update, fastfetch
    • +
+ +
+ SHA-256:
+ 7d49ef3cfb957cb9854bd3f451ef99ec8255afd68069a89ed0cf5a847d5d79bf +
+
+ BLAKE3:
+ e021d2024599aa918972d9e6b9fd9c1d97d226ac69da035913fd7a462dbef47d +
+ + Download RC8 +
+ + +
+
+

v4.0 RC7

+ Previous + Kernel 7.0 +
+
April 6, 2026 — First distro on earth shipping Linux kernel 7.0
+ +

Kernel

+
    +
  • Linux 7.0.0-rc7-alfred — custom-compiled from Linus Torvalds' mainline tree (released April 5, 2026)
    • +
  • 3 kernel-7-exclusive CPU mitigations: ITS (Indirect Target Selection), TSA (Transient Scheduler Attacks), VMSCAPE (VM-exit Speculative Code Attack Prevention)
    • +
  • 24 total compiled-in CPU mitigations (Spectre v1/v2/BHI, Meltdown, MDS, TAA, MMIO, RFDS, SRBDS, L1TF, SSB, and more)
    • +
+ +

Security (12 default gaps patched)

+
    +
  • 16 boot security parameters: init_on_alloc, init_on_free, slab_nomerge, page_alloc.shuffle, pti=on, lockdown=integrity, debugfs=off, io_uring_disabled, tsx=off, vsyscall=none, and more
    • +
  • nftables drop-by-default firewall with UFW front-end
    • +
  • AppArmor mandatory access control enforced at boot
    • +
  • fail2ban intrusion prevention active by default
    • +
  • auditd security audit logging enabled
    • +
  • unattended-upgrades for automatic security patches
    • +
  • Auto-generated IDE passwords — no more hardcoded defaults
    • +
  • Dangerous kernel modules blacklisted: firewire, thunderbolt DMA, cramfs, freevxfs, hfs, jffs2, udf
    • +
  • Kernel sysctl hardening: ASLR=2, symlink/hardlink protection, SYN cookies, ICMP redirects disabled, source routing blocked
    • +
+ +

Applications (13 build hooks)

+
    +
  • Alfred IDE — VS Code-compatible IDE (powered by code-server 4.114.0)
    • +
  • Alfred Voice — Kokoro TTS engine with PyTorch 2.11.0, espeak-ng, OpenWakeWord
    • +
  • Alfred Search — Meilisearch instant search engine
    • +
  • Alfred Store — Flatpak + GNOME Software for app distribution
    • +
  • Alfred Browser — Tauri + WebKitGTK (zero telemetry)
    • +
  • Alfred Welcome — first-boot welcome and setup wizard
    • +
  • Alfred Update — system update manager
    • +
  • Calamares — graphical installer for disk installation
    • +
+ +

Platform

+
    +
  • Base: Debian Trixie (13)
    • +
  • Boot: BIOS + UEFI hybrid ISO (ISOLINUX + GRUB EFI)
    • +
  • Desktop: LightDM display manager
    • +
  • Hardware: LVM2, btrfs, ZRAM swap, TLP power management, CUPS printing, thermald
    • +
  • Size: 2.5 GB ISO
    • +
  • Distribution: WebTorrent P2P (sovereign distribution) +
+ +
+ SHA-256:
+ 2ee02635f2fbf2ba3d4c88c8cbdc528902dec4d79275c76fc6457f74ef38f1b1 +
+
+ + +
+
+

v4.0 RC6

+ Previous +
+
April 6, 2026
+ +

Highlights

+
    +
  • Kernel 6.12.74 — Debian Trixie LTS security kernel
    • +
  • 12 build hooks (full application stack)
    • +
  • Universal hardware support — GPU drivers (NVIDIA, AMD, Intel), WiFi/Bluetooth firmware, input devices, power management, auto-detect 3-tier driver loading
    • +
  • Install-or-try dialog on live boot — user chooses live session or Calamares installer immediately
    • +
  • XFCE desktop trust fix — desktop files launch without "untrusted application" warnings
    • +
  • Kyber-1024 branding — post-quantum visual identity applied
    • +
  • Calamares installer now visible and launchable from desktop with Alfred v4.0 branding and slideshow
    • +
  • First build with WebTorrent P2P distribution
    • +
  • First build with Alfred Store (Flatpak + GNOME Software)
    • +
+
+ + +
+
+

v4.0 RC5

+ Previous +
+
April 6, 2026
+ +

Highlights

+
    +
  • Kernel 6.12.74
    • +
  • 10 build hooks — full v4.0 application stack
    • +
  • Alfred Welcome — 7-page first-boot setup wizard
    • +
  • Alfred Store — Flatpak app center with GNOME Software
    • +
  • Voice 2.0 — "Hey Alfred" wake word detection via OpenWakeWord (always-on systemd service)
    • +
  • alfred-update — system update manager with GUI and CLI
    • +
  • alfred-info — system information CLI tool
    • +
  • Version check API — checks for OS updates at boot
    • +
  • Calamares — v4.0 branding applied to graphical installer
    • +
+
+ + +
+
+

v4.0 RC4

+ Previous +
+
April 6, 2026
+ +

Highlights

+
    +
  • Trixie rebase — OS moved from Debian Bookworm (12) to Debian Trixie (13)
    • +
  • Kernel 6.12.74 — Trixie's LTS kernel with EEVDF scheduler and Rust-in-kernel support
    • +
  • UEFI + BIOS hybrid boot — single ISO boots on both modern and legacy systems
    • +
  • Alfred Voice v2 — Kokoro TTS + PyTorch, spaCy NLP, OpenWakeWord, espeak-ng fallback
    • +
  • Alfred Search — Meilisearch instant local search engine
    • +
  • Voice hook fixed for Trixie (Python venv + --only-binary spacy workaround)
    • +
+
+ + +
+
+

v2.0 RC3

+ Previous +
+
April 6, 2026
+ +

Highlights

+
    +
  • Kernel 6.1.0-44 — Debian Bookworm LTS (WebKit, OpenSSL, ImageMagick, GStreamer security updates)
    • +
  • First verified bootable ISO (2.5 GB)
    • +
  • Critical boot fix: dual kernel-naming hooks (chroot hook #9999 + binary hook #9999) — creates generic vmlinuz/initrd that the bootloader expects
    • +
  • 9 build hooks: Alfred Browser, Alfred IDE (VS Code-compatible IDE), Alfred Voice (Kokoro TTS), Alfred Search (Meilisearch), Calamares installer, branding, boot fix (chroot + binary)
    • +
  • Samsung S26 Ultra mobile installer created (Termux + proot-distro, no root)
    • +
+
+ +
+ + + + + diff --git a/robots.txt b/robots.txt new file mode 100644 index 0000000..5b07b02 --- /dev/null +++ b/robots.txt @@ -0,0 +1,8 @@ +User-agent: * +Allow: / + +Sitemap: https://alfredlinux.com/sitemap.xml + +# Large binary files — don't waste crawl budget +Disallow: /downloads/*.iso +Disallow: /downloads/*.torrent diff --git a/security.php b/security.php new file mode 100644 index 0000000..10eb057 --- /dev/null +++ b/security.php @@ -0,0 +1,724 @@ + + + + + + + Alfred Linux — Security Transparency + + + + + + + + + + + + + + + + + +
+
Alfred Linux
+ +
+ +
+

Security Transparency

+

Real data from real boot tests. What we harden, what we don't have yet, and why radical honesty is our security posture.

+
+ +
+ +
+ Honesty notice: Alfred Linux RC8 ships Linux kernel 7.0.0-rc7 — a release candidate. It is not yet a stable kernel release. We believe in publishing real data so you can make informed decisions. This page shows both our strengths and our gaps. +
+ + +
+

CPU Vulnerability Mitigations — Kernel 7.0 vs 5.15

+

+ Data below comes from two real systems: Alfred Linux RC8 boot-tested in QEMU/KVM on April 6, 2026, + and a production Ubuntu 22.04 server running kernel 5.15.0-173. Both systems use AMD/Intel hardware + with the same vulnerability surface. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
VulnerabilityAlfred Linux RC8
Kernel 7.0.0-rc7		Ubuntu 22.04 LTS
Kernel 5.15.0-173
Spectre V1Mitigation: usercopy/swapgs barriers + __user pointer sanitizationMitigation: usercopy/swapgs barriers + __user pointer sanitization
Spectre V2Mitigation: Retpolines + RSB filling on context switch and VMEXITVulnerable: eIBRS with unprivileged eBPF
ITS (Indirect Target Selection)Mitigation: Aligned branch/return thunks Kernel 7 nativeMitigation: Aligned branch/return thunks (backported)
MDS (Microarch. Data Sampling)Vulnerable: Clear CPU buffers attempted, no microcode ¹Not affected (CPU-dependent)
Speculative Store BypassVulnerable ¹Mitigation: disabled via prctl and seccomp
MeltdownMitigation: PTI (Kernel Page Table Isolation)Not affected (CPU-dependent)
L1TF (L1 Terminal Fault)Mitigation: PTE InversionNot affected (CPU-dependent)
RetbleedMitigation: Enhanced IBRSMitigation: Enhanced IBRS
MMIO Stale DataMitigation: Clear CPU buffersMitigation: Clear CPU buffers; SMT vulnerable
TSX Async AbortMitigation: TSX disabledNot affected (CPU-dependent)
TSA (Transient Scheduler Attacks)Mitigation: Clear CPU buffers Kernel 7 nativeNot affected (CPU-dependent)
VMSCAPE (VM Escape Hardening)Mitigation: VMCS shadowing restricted Kernel 7 nativeNot affected (CPU-dependent)
Gather Data SamplingMitigation: MicrocodeMitigation: Microcode
SRBDSMitigation: MicrocodeNot affected (CPU-dependent)
+ +

+ ¹ VM test limitation: MDS and Speculative Store Bypass show "Vulnerable" because QEMU/KVM + does not pass through CPU microcode. On real hardware with vendor microcode installed (via intel-microcode + or amd64-microcode packages, both included in the ISO), these would show mitigated status. + Ubuntu's "Not affected" entries reflect the specific CPU model of that production server, not a kernel advantage. +

+ +

Kernel 7.0 exclusive mitigations

+

+ Three vulnerability classes have native mitigation code that was written for kernel 7.0: +

+
    +
  • ITS — Indirect Target Selection attacks. Kernel 7.0 ships the upstream fix natively, while older kernels received backports.
    • +
  • TSA — Transient Scheduler Attacks against CPU scheduling units. New vulnerability class; mitigation only exists in 7.0+.
    • +
  • VMSCAPE — VM escape via VMCS manipulation. Restricts shadow VMCS access; new in 7.0+.
    • +
+
+ + +
+

Out-of-Box Security Hardening — 32 Modules

+

+ What runs on first boot, before the user touches anything. Alfred Linux RC8 ships 32 security modules across 3 hooks — more out-of-box hardening than any mainstream desktop Linux. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Security FeatureAlfred Linux RC8Ubuntu 24.04 LTS
Firewall (UFW + nftables)Both enabled, default-deny input ✅UFW installed but disabled
fail2ban (brute-force protection)Running, SSH 3-try/24h ban ✅Not installed
auditd (kernel audit logging)30+ rules, CIS-benchmark, immutable ✅Not installed
Kernel sysctl hardening45+ rules, CIS Level 2 ✅Minimal defaults
Kernel lockdown modelockdown=integrity ✅Not enabled
AppArmorEnforced + custom IDE/search profiles ✅Initialized ✅
Unattended security upgradesRunning on first boot ✅Running on first boot ✅
DNS privacy (DNS-over-TLS)Quad9 + Cloudflare, DNSSEC ✅Plaintext DNS by default
MAC address randomizationWiFi + Ethernet random by default ✅Not configured
SSH hardeningStrong ciphers only, no forwarding, 3 tries ✅Default permissive config
File integrity (AIDE)Installed + daily cron check ✅Not installed
Antivirus (ClamAV)Running + weekly scan ✅Not installed
Rootkit detectionrkhunter + chkrootkit, daily ✅Not installed
Full-disk encryption (LUKS)1-click in installer ✅Available in installer ✅
NTP authentication (NTS)chrony + NTS (Cloudflare, Netnod) ✅systemd-timesyncd, no NTS
PAM password hardening10-char, 3-class, lockout after 5 ✅Minimal defaults
Process isolation (hidepid)hidepid=2 on /proc ✅All processes visible
Core dumps disabledDisabled system-wide ✅Enabled by default
Compiler restrictiongcc/g++/make restricted to dev group ✅Accessible to all users
Secure mount options/tmp noexec, /dev/shm nodev/nosuid ✅Default mount options
Kernel module blacklistingFirewire, dccp, sctp, rds, cramfs ✅All modules loadable
USB logging + controludev logging + toggle tool ✅No USB monitoring
Cron/at lockdownRoot-only (allow list) ✅Any user can add cron jobs
Security bannersLegal warning on login + SSH ✅No banner
Memory init (init_on_alloc)init_on_alloc=1, init_on_free=1 ✅Not set
kernel.unprivileged_bpf_disabledSet via sysctl ✅Not set (Spectre v2 vector)
+ +

+ Security tools included: alfred-security-status (dashboard), alfred-scan (antivirus), alfred-usb-storage (USB toggle), alfred-aide-init (integrity baseline), alfred-network-status (network audit), alfred-encrypt-status (encryption check). +

+
+ + +
+

Persistent Gaps

+

+ Radical honesty. Even with 32 security modules, Ubuntu has advantages we can't match today. +

+ +
+
+

Gap   LTS Lifecycle

+

Ubuntu LTS ships security patches for 5-12 years. We're a release candidate with no long-term commitment yet.

+
+
+

Gap   CVE Response Team

+

Canonical has a dedicated security team publishing USNs within days. We have a small team and no SLA.

+
+
+

Gap   Compliance Certifications

+

No FIPS 140-2, CIS Benchmarks, or DISA STIGs. Enterprises cannot deploy us until those exist.

+
+
+

Gap   Hardware Testing

+

Boot-verified in QEMU/KVM only. No bare-metal test matrix across vendor hardware yet.

+
+
+
+ + +
+

Build Transparency

+

+ Every Alfred Linux ISO is built by a single script with numbered, auditable hooks. Nothing is hidden. +

+ +

Build chain

+ 
scripts/build-unified.sh rc8 --uefi   ← one command
+├── Hook 0100: branding + UFW + SSH    ← visual identity + base firewall
+├── Hook 0150: hardware                ← drivers, firmware, microcode
+├── Hook 0160: security (21 modules)   ← sysctl, AppArmor, auditd, ClamAV, AIDE, etc.
+├── Hook 0165: network hardening       ← nftables, MAC random, SSH ciphers, anti-scan
+├── Hook 0170: full-disk encryption    ← LUKS/cryptsetup, Calamares FDE
+├── Hook 0200: browser                 ← Alfred Browser (privacy-first)
+├── Hook 0300: ide                     ← Alfred IDE
+├── Hook 0400: voice                   ← Kokoro TTS engine
+├── Hook 0500: search                  ← Meilisearch
+├── Hook 0600: installer               ← Calamares (graphical disk installer)
+├── Hook 0700: welcome                 ← first-boot experience
+├── Hook 0710: update                  ← OTA update framework
+├── Hook 0800: store                   ← Alfred Store
+├── Hook 0900: voice-v2                ← advanced voice engine
+├── Hook 9999: boot-fix (chroot)       ← generic kernel names for bootloader
+└── Hook 9999: boot-fix (binary)       ← ISOLINUX/GRUB references
+ +

Published checksums

+ 
SHA-256: 7d49ef3cfb957cb9854bd3f451ef99ec8255afd68069a89ed0cf5a847d5d79bf
+BLAKE3:  e021d2024599aa918972d9e6b9fd9c1d97d226ac69da035913fd7a462dbef47d
+File:    alfred-linux-4.0-rc8-amd64.iso
+Size:    2.4 GB
+

+ Verify yourself: sha256sum alfred-linux-4.0-rc8-amd64.iso · b3sum alfred-linux-4.0-rc8-amd64.iso +

+

+ The build script, all 16 hooks (including 3 dedicated security hooks totalling 800+ lines), and the kernel config are inspectable. The ISO is built on a dedicated + GoSiteMe build server (8 cores, 32 GB RAM) using Debian live-build toolchain on Debian Trixie. The compiled kernel + produced 44,028 lines of build output with zero errors. +

+
+ + +
+

Boot Test Evidence

+

+ On April 6, 2026, we booted the RC8 ISO in QEMU/KVM and captured 1,363 lines of kernel and systemd output. +

+ +

Key results

+
    +
  • Kernel identified as Linux version 7.0.0-rc7-alfred
    • +
  • 121 systemd services started successfully
    • +
  • 0 kernel panics
    • +
  • 0 failed services
    • +
  • UFW firewall loaded and active
    • +
  • fail2ban service running
    • +
  • auditd active with rules loaded
    • +
  • AppArmor initialized with SHA-256 policy hashing
    • +
  • Unattended upgrades shutdown hook active
    • +
  • ZRAM swap device active
    • +
+ +

Kernel boot line (from dmesg)

+ 
[    0.256611] mitigations: Enabled attack vectors: user_kernel, user_user, guest_host, guest_guest, SMT mitigations: auto
+[    0.260297] Spectre V2 : Mitigation: Retpolines
+[    0.261401] ITS: Mitigation: Aligned branch/return thunks
+[    0.264740] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
+[    0.266790] Spectre V2 : Spectre v2 / SpectreRSB: Filling RSB on context switch and VMEXIT
+ +

systemd confirmation

+ 
systemd 257.9-1 running in system mode
+  (+PAM +AUDIT +SELINUX +APPARMOR +IMA +IPE +SMACK +SECCOMP
+   +GCRYPT +OPENSSL +ELFUTILS +FIDO2 +TPM2 +ZSTD +BPF_FRAMEWORK)
+
+ + +
+

Why Transparent Security Matters

+

+ Alfred Linux isn't just an operating system. It's the foundation layer for a larger vision. +

+ +
+
+

Layer 1 — Alfred Linux

+

The transparent, auditable operating system. Every build hook visible, every mitigation documented, every gap disclosed.

+
+
+

Layer 2 — Alfred IDE

+

The builder's tool. Developers create applications, extensions, and AI agents on a foundation they can verify.

+
+
+

Layer 3 — MetaDome

+

A governed digital civilization with 115,000+ AI citizens, courts, passports, democratic governance — where corruption is architecturally impossible.

+
+
+

Layer 4 — Real-World Impact

+

Governance models proven in MetaDome can be applied to real-world transparency challenges — from climate policy to resource allocation.

+
+
+ +

+ The argument is simple: you cannot build corruption-proof digital governance on a black-box operating system. + If the foundation isn't transparent, the whole "trust by design" claim is hollow. Alfred Linux proves that + even the OS layer — the lowest level — can be open, auditable, and honest about its limitations. +

+ +

+ When MetaDome runs governance simulations — AI citizens voting on policy, + transparent courts resolving disputes, energy-aware compute — it matters that the OS underneath isn't hiding anything. + That's not marketing. That's architecture. +

+
+ + +
+

Our Position

+ +

+ We do not claim Alfred Linux is "more secure than Ubuntu." +

+

+ Ubuntu has 20 years of battle-testing, a dedicated security team, compliance certifications, and LTS commitments + that we cannot yet match. It is the right choice for enterprises that need those guarantees today. +

+

+ What we do claim: +

+
    +
  • We ship the newest kernel with native mitigations for vulnerabilities that older kernels handle via backports
    • +
  • We enable security services (firewall, intrusion detection, audit logging) from first boot — not as optional packages
    • +
  • We close the unprivileged eBPF attack vector that Ubuntu leaves open
    • +
  • We publish our full build chain, security findings, and gaps in the open
    • +
  • We put the honest comparison table on our own website, not in a marketing PDF
    • +
+

+ That's our posture: security through transparency. Not through claims we can't back up. +

+
+ +
+

Verify It Yourself

+

Download the ISO. Check the SHA-256 and BLAKE3 hashes. Boot it. Run cat /sys/devices/system/cpu/vulnerabilities/* and compare.

+ Download RC8 + Release Notes + Enter MetaDome +
+ +
+

Methodology

+

Test date: April 6, 2026

+

Alfred Linux test: RC8 ISO booted in QEMU/KVM on EU build server (8 cores, 32 GB RAM, AMD EPYC). Kernel + initrd extracted from ISO, booted with console=ttyS0,115200. Full 1,363-line boot log captured.

+

Ubuntu test: Production server running Ubuntu 22.04 LTS, kernel 5.15.0-173-generic (updated March 6, 2026). Vulnerability data read from /sys/devices/system/cpu/vulnerabilities/*.

+

Important caveat: "Not affected" entries in the Ubuntu column reflect that specific CPU model, not the kernel version. A different CPU would show different results. The comparison is between what each kernel does when a vulnerability applies, not absolute security ratings.

+

Last updated: April 6, 2026

+
+ +
+ + + + + diff --git a/sitemap.xml b/sitemap.xml new file mode 100644 index 0000000..9e2740c --- /dev/null +++ b/sitemap.xml @@ -0,0 +1,69 @@ + + + + https://alfredlinux.com/ + 2026-04-07 + weekly + 1.0 + + + https://alfredlinux.com/download + 2026-04-07 + weekly + 0.9 + + + https://alfredlinux.com/docs + 2026-04-07 + weekly + 0.8 + + + https://alfredlinux.com/releases + 2026-04-07 + weekly + 0.8 + + + https://alfredlinux.com/security + 2026-04-07 + monthly + 0.8 + + + https://alfredlinux.com/developers + 2026-04-07 + monthly + 0.7 + + + https://alfredlinux.com/apps + 2026-04-07 + weekly + 0.8 + + + https://alfredlinux.com/compare + 2026-04-07 + monthly + 0.8 + + + https://alfredlinux.com/about + 2026-04-07 + monthly + 0.7 + + + https://alfredlinux.com/forge/ + 2026-04-07 + weekly + 0.6 + + + https://alfredlinux.com/api/version.json + 2026-04-07 + weekly + 0.5 + +