commander/alfredlinux.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
60f940cdd0
alfredlinux.com/docs.php
Commander 60f940cdd0 feat: complete alfredlinux.com website — 9 pages + 404 + robots + sitemap 
- index.php: Landing page with feature showcase, editions, roadmap
- download.php: WebTorrent P2P download (no torrent client needed)
- apps.php: Ecosystem app downloads (Browser, IDE, Veil, Pulse)
- releases.php: Full changelog RC1 through RC8
- docs.php: Technical documentation and build specs
- security.php: Kernel hardening transparency report
- developers.php: Developer foundation and contribution guide
- compare.php: Head-to-head vs Ubuntu/Mint/Fedora/Arch
- about.php: Company provenance, founder, verification commands
- 404.html: Branded error page
- JSON-LD structured data on 4 pages
- Twitter Card + OpenGraph meta tags on all pages
- Security headers (HSTS, X-Frame-Options, CSP)
2026-04-07 15:47:54 -04:00

967 lines
66 KiB
PHP
Raw Blame History

<?php
/**
* Alfred Linux — Public Technical Documentation
* Build history, kernel specs, architecture deep-dive
*
* Built by Alfred for Commander Danny William Perez
* GoSiteMe Inc. — April 2026
*/
$year = date('Y');
$buildDate = '2026-04-06';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="icon" href="/favicon.ico">
<title>Alfred Linux — Technical Documentation &amp; Build History</title>
<meta name="description" content="Technical documentation for Alfred Linux: build history, kernel specifications, architecture deep-dive, version comparison, and the engineering story behind the world's first AI-native operating system.">
<meta name="keywords" content="Alfred Linux docs, Linux kernel, build history, ISO build, Debian Bookworm, AI operating system, technical documentation">
<meta property="og:title" content="Alfred Linux — Technical Documentation">
<meta property="og:description" content="Build history, kernel specs, and the engineering story behind Alfred Linux.">
<meta property="og:type" content="article">
<meta property="og:url" content="https://alfredlinux.com/docs">
<meta property="og:image" content="https://alfredlinux.com/og-image.png">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:title" content="Alfred Linux — Technical Documentation">
<meta name="twitter:description" content="Build history, kernel specs, and the engineering story behind Alfred Linux.">
<meta name="twitter:image" content="https://alfredlinux.com/og-image.png">
<link rel="canonical" href="https://alfredlinux.com/docs">
<link rel="stylesheet" href="/assets/fonts/inter/inter.css">
<link rel="stylesheet" href="/assets/fonts/jetbrains-mono/jetbrains-mono.css">
<style>
:root {
--bg: #06060b;
--surface: rgba(255,255,255,0.03);
--surface-hover: rgba(255,255,255,0.06);
--border: rgba(255,255,255,0.06);
--border-hover: rgba(99, 102, 241, 0.3);
--text: #e0e0e0;
--text-muted: #9ca3af;
--text-dim: #6b7280;
--accent: #6366f1;
--accent-light: #a5b4fc;
--accent2: #8b5cf6;
--green: #34d399;
--red: #ef4444;
--amber: #f59e0b;
--cyan: #22d3ee;
}
* { margin: 0; padding: 0; box-sizing: border-box; }
html { scroll-behavior: smooth; }
body {
font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif;
background: var(--bg);
color: var(--text);
line-height: 1.7;
}
/* ── NAV ── */
nav {
position: fixed; top: 0; left: 0; right: 0; z-index: 100;
padding: 0.75rem 2rem;
background: rgba(6,6,11,0.85);
backdrop-filter: blur(20px);
border-bottom: 1px solid var(--border);
display: flex; align-items: center; justify-content: space-between;
}
.nav-brand { display: flex; align-items: center; gap: 0.75rem; text-decoration: none; color: #fff; font-weight: 700; font-size: 1.1rem; }
.logo-mark { width: 32px; height: 32px; border-radius: 8px; background: linear-gradient(135deg, var(--accent), var(--accent2)); display: flex; align-items: center; justify-content: center; font-weight: 900; font-size: 1rem; color: #fff; }
.nav-links { display: flex; align-items: center; gap: 1.5rem; }
.nav-links a { color: var(--text-muted); text-decoration: none; font-size: 0.9rem; transition: color 0.2s; }
.nav-links a:hover { color: #fff; }
.nav-cta { background: rgba(99,102,241,0.15); border: 1px solid rgba(99,102,241,0.3); padding: 0.4rem 1rem !important; border-radius: 8px; color: var(--accent-light) !important; font-weight: 600; }
/* ── LAYOUT ── */
.page-header {
padding: 8rem 2rem 4rem;
text-align: center;
background: radial-gradient(ellipse at 50% 30%, rgba(99,102,241,0.08) 0%, transparent 60%);
}
.page-header h1 {
font-size: clamp(2.2rem, 5vw, 3.5rem);
font-weight: 900; margin-bottom: 1rem;
background: linear-gradient(135deg, #fff 0%, var(--accent-light) 50%, var(--cyan) 100%);
-webkit-background-clip: text; -webkit-text-fill-color: transparent; background-clip: text;
}
.page-header p { color: var(--text-muted); font-size: 1.15rem; max-width: 700px; margin: 0 auto; }
.page-header .updated { font-size: 0.85rem; color: var(--text-dim); margin-top: 1rem; }
.doc-layout {
max-width: 1200px; margin: 0 auto; padding: 0 2rem 4rem;
display: grid; grid-template-columns: 240px 1fr; gap: 3rem;
}
/* ── SIDEBAR TOC ── */
.toc {
position: sticky; top: 5rem; height: fit-content;
padding: 1.5rem; border-radius: 12px;
background: var(--surface); border: 1px solid var(--border);
}
.toc h3 { font-size: 0.75rem; text-transform: uppercase; letter-spacing: 0.1em; color: var(--text-dim); margin-bottom: 1rem; font-weight: 700; }
.toc a {
display: block; padding: 0.35rem 0; font-size: 0.85rem;
color: var(--text-muted); text-decoration: none; transition: all 0.2s;
border-left: 2px solid transparent; padding-left: 0.75rem;
}
.toc a:hover { color: var(--accent-light); border-left-color: var(--accent); }
.toc .toc-section { margin-bottom: 0.25rem; }
/* ── CONTENT ── */
.doc-content h2 {
font-size: 1.8rem; font-weight: 800; color: #fff;
margin: 3rem 0 1.5rem; padding-bottom: 0.75rem;
border-bottom: 1px solid var(--border);
}
.doc-content h2:first-child { margin-top: 0; }
.doc-content h3 {
font-size: 1.25rem; font-weight: 700; color: #fff;
margin: 2rem 0 1rem;
}
.doc-content p { margin-bottom: 1rem; color: var(--text); }
.doc-content ul, .doc-content ol { margin-bottom: 1rem; padding-left: 1.5rem; }
.doc-content li { margin-bottom: 0.5rem; color: var(--text-muted); }
.doc-content li strong { color: #fff; }
.doc-content a { color: var(--accent-light); text-decoration: none; }
.doc-content a:hover { text-decoration: underline; }
.doc-content code {
font-family: 'JetBrains Mono', monospace; font-size: 0.85em;
background: rgba(255,255,255,0.06); padding: 0.15em 0.4em;
border-radius: 4px; color: var(--cyan);
}
/* ── CARDS & BLOCKS ── */
.info-card {
padding: 1.5rem 2rem; border-radius: 12px; margin: 1.5rem 0;
background: var(--surface); border: 1px solid var(--border);
}
.info-card.highlight { border-color: rgba(99,102,241,0.3); background: rgba(99,102,241,0.05); }
.info-card.success { border-color: rgba(52,211,153,0.3); background: rgba(52,211,153,0.05); }
.info-card.amber { border-color: rgba(245,158,11,0.3); background: rgba(245,158,11,0.05); }
.info-card h4 { font-size: 1rem; font-weight: 700; color: #fff; margin-bottom: 0.5rem; }
.info-card p { margin-bottom: 0; color: var(--text-muted); font-size: 0.95rem; }
.code-block {
background: rgba(0,0,0,0.5); border: 1px solid var(--border);
border-radius: 10px; padding: 1.25rem 1.5rem; margin: 1rem 0;
font-family: 'JetBrains Mono', monospace; font-size: 0.82rem;
color: var(--text-muted); overflow-x: auto; line-height: 1.6;
}
.code-block .comment { color: var(--text-dim); }
.code-block .keyword { color: var(--accent-light); }
.code-block .string { color: var(--green); }
.code-block .number { color: var(--amber); }
/* ── BUILD TIMELINE ── */
.build-timeline { margin: 1.5rem 0; }
.build-entry {
display: grid; grid-template-columns: 50px 120px 1fr 100px;
align-items: center; gap: 1rem;
padding: 0.85rem 1.25rem; border-radius: 10px;
background: var(--surface); border: 1px solid var(--border);
margin-bottom: 0.5rem; transition: all 0.2s;
}
.build-entry:hover { border-color: var(--border-hover); }
.build-badge {
padding: 0.2rem 0.5rem; border-radius: 6px;
font-size: 0.7rem; font-weight: 700; text-align: center;
text-transform: uppercase; letter-spacing: 0.05em;
}
.badge-rc { background: rgba(52,211,153,0.15); color: var(--green); }
.badge-beta { background: rgba(99,102,241,0.15); color: var(--accent-light); }
.badge-alpha { background: rgba(245,158,11,0.15); color: var(--amber); }
.build-date { font-size: 0.85rem; color: var(--text-dim); font-family: 'JetBrains Mono', monospace; }
.build-desc { font-size: 0.9rem; color: var(--text); }
.build-size { font-size: 0.85rem; color: var(--text-dim); text-align: right; font-family: 'JetBrains Mono', monospace; }
/* ── KERNEL MAP ── */
.kernel-map {
display: grid; grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
gap: 1rem; margin: 1.5rem 0;
}
.kernel-card {
padding: 1.25rem 1.5rem; border-radius: 12px;
background: var(--surface); border: 1px solid var(--border);
transition: all 0.2s;
}
.kernel-card:hover { border-color: var(--border-hover); }
.kernel-card .k-version { font-size: 1.5rem; font-weight: 800; color: #fff; margin-bottom: 0.25rem; }
.kernel-card .k-branch { font-size: 0.8rem; color: var(--text-dim); text-transform: uppercase; letter-spacing: 0.05em; margin-bottom: 0.5rem; }
.kernel-card .k-desc { font-size: 0.9rem; color: var(--text-muted); }
.kernel-card.current { border-color: rgba(52,211,153,0.4); background: rgba(52,211,153,0.05); }
.kernel-card.target { border-color: rgba(99,102,241,0.4); background: rgba(99,102,241,0.05); }
/* ── SPEC TABLE ── */
.spec-table { width: 100%; border-collapse: collapse; margin: 1rem 0; }
.spec-table th, .spec-table td { padding: 0.75rem 1rem; text-align: left; border-bottom: 1px solid var(--border); }
.spec-table th { color: var(--accent-light); font-weight: 600; font-size: 0.8rem; text-transform: uppercase; letter-spacing: 0.05em; }
.spec-table td { color: var(--text-muted); font-size: 0.9rem; }
.spec-table td:first-child { color: #fff; font-weight: 500; }
.spec-table tr:hover td { background: rgba(255,255,255,0.02); }
/* ── COMPONENT GRID ── */
.component-grid {
display: grid; grid-template-columns: repeat(auto-fit, minmax(250px, 1fr));
gap: 1rem; margin: 1.5rem 0;
}
.component-card {
padding: 1.25rem 1.5rem; border-radius: 12px;
background: var(--surface); border: 1px solid var(--border);
}
.component-card h4 { font-size: 1rem; font-weight: 700; color: #fff; margin-bottom: 0.5rem; }
.component-card .c-version { font-size: 0.8rem; color: var(--accent-light); font-family: 'JetBrains Mono', monospace; margin-bottom: 0.5rem; }
.component-card p { font-size: 0.85rem; color: var(--text-muted); margin-bottom: 0; }
/* ── FOOTER ── */
footer {
padding: 3rem 2rem; border-top: 1px solid var(--border);
text-align: center;
}
footer p { color: var(--text-dim); font-size: 0.85rem; }
footer a { color: var(--accent-light); text-decoration: none; }
/* ── MOBILE ── */
@media (max-width: 900px) {
.doc-layout { grid-template-columns: 1fr; }
.toc { display: none; }
.build-entry { grid-template-columns: 1fr 1fr; gap: 0.5rem; }
}
@media (max-width: 600px) {
.kernel-map { grid-template-columns: 1fr; }
.component-grid { grid-template-columns: 1fr; }
}
</style>
</head>
<body>
<!-- ═══ NAV ═══ -->
<nav>
<a href="/" class="nav-brand">
<div class="logo-mark">A</div>
Alfred Linux
</a>
<div class="nav-links">
<a href="/">Home</a>
<a href="/download">Download</a>
<a href="/apps">Apps</a>
<a href="/docs" style="color:#fff;">Docs</a>
<a href="/releases">Releases</a>
<a href="/security">Security</a>
<a href="/developers">Developers</a>
<a href="/compare">Compare</a>
<a href="/about">About</a>
</div>
</nav>
<!-- ═══ PAGE HEADER ═══ -->
<div class="page-header">
<h1>Technical Documentation</h1>
<p>Everything under the hood. Build history, kernel specifications, architecture deep-dive, and the engineering story behind Alfred Linux.</p>
<div class="updated">Last updated: <?= $buildDate ?> &mdash; Alfred Linux 4.0 RC8 (Kernel 7.0 · 32 Security Modules)</div>
</div>
<!-- ═══ DOC LAYOUT ═══ -->
<div class="doc-layout">
<!-- Sidebar TOC -->
<aside class="toc">
<h3>Contents</h3>
<a href="#overview" class="toc-section">Overview</a>
<a href="#kernel" class="toc-section">Kernel Deep-Dive</a>
<a href="#kernel-landscape" class="toc-section">Kernel Landscape</a>
<a href="#kernel-roadmap" class="toc-section">Kernel Roadmap</a>
<a href="#build-history" class="toc-section">Build History</a>
<a href="#components" class="toc-section">Components</a>
<a href="#build-system" class="toc-section">Build System</a>
<a href="#specs" class="toc-section">System Specs</a>
<a href="#security" class="toc-section">Security</a>
<a href="#iso-details" class="toc-section">ISO Details</a>
<a href="#mobile" class="toc-section">Mobile (Android)</a>
<a href="#contribute" class="toc-section">Contributing</a>
</aside>
<!-- Main Content -->
<main class="doc-content">
<!-- ═══ OVERVIEW ═══ -->
<h2 id="overview">Overview</h2>
<p>Alfred Linux is a complete operating system built from the ground up with AI as the primary user interface. Based on <strong>Debian Trixie (13)</strong>, it ships the full Linux desktop experience plus sixteen integrated AI-native build hooks &mdash; including three dedicated security hooks delivering 32 hardening modules &mdash; that no other distribution includes.</p>
<div class="info-card highlight">
<h4>Current Release: v4.0 RC8 &ldquo;The People&rsquo;s OS&rdquo;</h4>
<p>Release Candidate 8 &mdash; built April 6, 2026. Debian Trixie 13 base, <strong>Linux kernel 7.0.0-rc7</strong> (custom compiled from source &mdash; first distro on the planet shipping kernel 7), x86_64 architecture, UEFI+BIOS hybrid boot. <strong>16 build hooks. 32 security modules.</strong> Includes Alfred Browser, Alfred IDE (auto-generated passwords), Kokoro Voice, Voice 2.0 Wake Word, Alfred Store (Flatpak), Welcome App, alfred-update, alfred-info, Meilisearch, Calamares installer with LUKS2 FDE checkbox, universal hardware support, and <strong>enterprise-grade security hardening</strong>: 3 dedicated security hooks (0160 &mdash; 21 modules, 0165 &mdash; 7 network modules, 0170 &mdash; 4 FDE modules), AIDE file integrity, ClamAV antivirus, rkhunter + chkrootkit rootkit detection, DNS-over-TLS, MAC randomization, nftables default-deny, PAM password hardening, auditd 30+ immutable rules, compiler restriction, hidepid=2, NTS time sync, 6 CLI security tools, 16 boot-time security params, 45+ sysctl CIS L2 rules, 30+ blacklisted dangerous kernel modules, AppArmor enforced with custom profiles, fail2ban, io_uring disabled, lockdown=integrity, 24 compiled-in hardware vulnerability mitigations (including 3 kernel-7-exclusive: ITS, TSA, VMSCAPE). ISO size: ~2.5 GB.</p>
</div>
<p>Alfred Linux is not a Linux distribution with a chatbot bolted on. The AI is integrated at the operating system level &mdash; from voice-driven shell interaction to the development environment to the browser. Every component was chosen and configured to serve the mission: <strong>your voice is the command line</strong>.</p>
<h3>What Ships in v4.0</h3>
<ul>
<li><strong>Alfred Desktop Environment</strong> &mdash; XFCE4 with custom theming, Arc dark theme, Papirus icons, JetBrains Mono font, and branded Plymouth boot splash</li>
<li><strong>Alfred Browser</strong> &mdash; Built on Tauri + WebKitGTK. 4.7 MB. Zero telemetry, zero tracking. Replaces Firefox-ESR entirely</li>
<li><strong>Alfred IDE</strong> &mdash; full VS Code-compatible IDE (powered by code-server 4.114.0) with the Alfred Commander extension pre-installed. Full VS Code in the browser at port 8443</li>
<li><strong>Alfred Voice</strong> &mdash; Kokoro TTS engine with PyTorch CPU backend, spaCy NLP, and a welcome greeting on first boot</li>
<li><strong>Alfred Search</strong> &mdash; Meilisearch local search engine for offline-first, instant search across all local content</li>
<li><strong>Calamares Installer</strong> &mdash; Full graphical disk installer with v4.0 branding, custom slideshow, and encrypted disk support</li>
<li><strong>Welcome App</strong> &mdash; 7-page first-boot wizard (Python/Tk) for voice setup, WiFi config, tool launcher, P2P seeding opt-in, and keyboard shortcuts</li>
<li><strong>Alfred Store</strong> &mdash; Flatpak-powered app center with 6 curated categories, search, one-click install, and threaded updates</li>
<li><strong>Voice 2.0 Wake Word</strong> &mdash; Always-on &ldquo;Hey Alfred&rdquo; detection via openWakeWord. Systemd service with configurable threshold</li>
<li><strong>alfred-update &amp; alfred-info</strong> &mdash; CLI tools for one-command system updates (APT + Flatpak + Alfred version check) and branded system info panel</li>
</ul>
<!-- ═══ KERNEL DEEP-DIVE ═══ -->
<h2 id="kernel">Kernel Deep-Dive</h2>
<p>Alfred Linux 4.0 RC8 ships <strong>Linux kernel 7.0.0-rc7</strong>, custom-compiled from Linus Torvalds' mainline source tree. This makes Alfred Linux the <strong>first operating system distribution in the world to ship kernel 7</strong>. Released by Torvalds on April 5, 2026, kernel 7.0 is the first major version bump since 6.0 (October 2022).</p>
<div class="info-card success">
<h4>Decoding &ldquo;Linux 7.0.0-rc7-alfred&rdquo;</h4>
<p><code>7</code> = major version (first since 6.0 in Oct 2022)<br>
<code>0</code> = minor (first release in the 7.x series)<br>
<code>0</code> = patch level<br>
<code>rc7</code> = Release Candidate 7 (Torvalds' final testing phase)<br>
<code>alfred</code> = Alfred Linux custom build tag<br><br>
Compiled from the official git.kernel.org/torvalds/linux source tree with Debian Trixie's production config as the base, adapted via <code>make olddefconfig</code>. Custom <code>LOCALVERSION="-alfred"</code> tag. Built on 8-core EU build server.</p>
</div>
<h3>What Kernel 7.0 Brings</h3>
<ul>
<li><strong>3 New Hardware Mitigations (Kernel 7 Exclusive)</strong> &mdash; ITS (Indirect Target Selection), TSA (Transient Scheduler Attacks), and VMSCAPE (VM Escape) &mdash; not available in ANY 6.x kernel.</li>
<li><strong>24 Total CPU Vulnerability Mitigations</strong> &mdash; Spectre v1/v2/BHI, Meltdown (PTI), MDS, TAA, L1TF, SRBDS, SRSO, RFDS, GDS, Retbleed, MMIO, SSB, SLS, Call Depth Tracking, Retpoline, IBPB/IBRS, plus the 3 new ones.</li>
<li><strong>Expanded Rust-in-Kernel</strong> &mdash; More kernel subsystems in Rust for memory safety.</li>
<li><strong>EEVDF Scheduler Refinements</strong> &mdash; Better latency and throughput on multi-core machines.</li>
<li><strong>Latest Hardware Support</strong> &mdash; Intel Xe2, AMD RDNA4, NVIDIA 570+, WiFi 7, USB4, Thunderbolt 5, PCIe Gen 6.</li>
</ul>
<h3>Alfred Linux Security Hardening (12 Gaps Patched)</h3>
<p>The default kernel 7.0 config ships with <strong>12 security gaps</strong> that Alfred Linux patches at boot. No other consumer distro patches all 12:</p>
<table class="spec-table">
<thead><tr><th>#</th><th>Default Gap</th><th>Risk</th><th>Alfred Fix</th></tr></thead>
<tbody>
<tr><td>1</td><td><code>INIT_STACK_NONE=y</code></td><td>Uninitialized stack info leaks</td><td><code>init_on_alloc=1</code></td></tr>
<tr><td>2</td><td><code>INIT_ON_FREE</code> not set</td><td>Freed memory retains secrets</td><td><code>init_on_free=1</code></td></tr>
<tr><td>3</td><td><code>MODULE_SIG_FORCE</code> off</td><td>Unsigned modules can load</td><td><code>lockdown=integrity</code></td></tr>
<tr><td>4</td><td><code>MODULE_FORCE_UNLOAD=y</code></td><td>Force-unload modules</td><td>Lockdown blocks</td></tr>
<tr><td>5</td><td><code>IO_URING=y</code></td><td>#1 kernel vuln source 2022&ndash;2025</td><td><code>io_uring_disabled=2</code></td></tr>
<tr><td>6</td><td><code>USERFAULTFD=y</code></td><td>Race condition exploit enabler</td><td><code>unprivileged_userfaultfd=0</code></td></tr>
<tr><td>7</td><td><code>X86_IOPL_IOPERM=y</code></td><td>Direct I/O port access</td><td>Lockdown blocks</td></tr>
<tr><td>8</td><td><code>DEVMEM+PROC_KCORE</code></td><td>Physical memory read</td><td>Lockdown blocks</td></tr>
<tr><td>9</td><td><code>X86_MSR=m</code></td><td>Disable security features</td><td>Lockdown blocks</td></tr>
<tr><td>10</td><td><code>HIBERNATION=y</code></td><td>RAM written to disk</td><td><code>nohibernate</code></td></tr>
<tr><td>11</td><td><code>RANDSTRUCT_NONE=y</code></td><td>No struct randomization</td><td>Next compile pass</td></tr>
<tr><td>12</td><td><code>IOMMU_DEFAULT_DMA_LAZY</code></td><td>Weak DMA protection</td><td><code>iommu.strict=1</code></td></tr>
</tbody>
</table>
<h3>Additional Hardening Layers</h3>
<ul>
<li><strong>16 Boot Parameters</strong> &mdash; <code>lockdown=integrity nohibernate debugfs=off io_uring_disabled=2 tsx=off slab_nomerge page_alloc.shuffle=1 iommu.strict=1 vsyscall=none</code> and more</li>
<li><strong>40+ Sysctl Rules</strong> &mdash; ASLR, kptr_restrict=2, dmesg_restrict, perf paranoid=3, BPF JIT hardening, kexec disabled, SysRq disabled, userfaultfd restricted, tty ldisc locked</li>
<li><strong>30+ Module Blacklist</strong> &mdash; DCCP, SCTP, RDS, TIPC, Firewire, Thunderbolt, cramfs, hfs, freevxfs, jffs2, appletalk, IPX, and more</li>
<li><strong>nftables Firewall</strong> &mdash; Drop-by-default, rate-limited SSH (10/min), rate-limited ICMP (5/sec), full audit logging</li>
<li><strong>AppArmor + Fail2ban + auditd</strong> &mdash; Mandatory access control, SSH brute-force 3-strike 24h ban, comprehensive audit trail</li>
<li><strong>Secure Mounts</strong> &mdash; /tmp and /dev/shm: noexec, nosuid, nodev</li>
<li><strong>Core Dumps Disabled</strong> &mdash; Hard limit 0, kernel.core_pattern=/bin/false</li>
<li><strong>Auto-generated IDE Passwords</strong> &mdash; Each session gets a unique random password, no default credentials</li>
</ul>
<h3>Previous Kernel: 6.12.74 (RC4&ndash;RC6)</h3>
<p>Alfred Linux v4.0 RC4 through RC6 shipped on Linux kernel 6.12.74 from the Debian Trixie security repositories &mdash; a Longterm release with 74 rounds of Debian kernel team security patches. RC7 leapfrogged to kernel 7.0 compiled from source, making Alfred the first distro on kernel 7.</p>
<!-- ═══ KERNEL LANDSCAPE ═══ -->
<h2 id="kernel-landscape">The Linux Kernel Landscape (April 2026)</h2>
<p>To understand where Alfred Linux sits in the kernel world, here is the full landscape of active Linux kernel branches as of April 2026:</p>
<div class="kernel-map">
<div class="kernel-card current">
<div class="k-version">7.0.0-rc7</div>
<div class="k-branch">Mainline &mdash; ALFRED LINUX IS HERE</div>
<div class="k-desc"><strong>First distro on kernel 7.</strong> Custom-compiled from Torvalds' source tree (released April 5, 2026). 3 exclusive mitigations: ITS, TSA, VMSCAPE. 24 total hardware vulnerability mitigations. Every other distro is still on 6.x.</div>
</div>
<div class="kernel-card">
<div class="k-version">6.19.11</div>
<div class="k-branch">Stable (Latest)</div>
<div class="k-desc">The newest stable release. Where Arch Linux and Fedora Rawhide sit. Alfred Linux has already leapfrogged past this to 7.0.</div>
</div>
<div class="kernel-card">
<div class="k-version">6.18.21</div>
<div class="k-branch">Longterm</div>
<div class="k-desc">Previous stable series, now in long-term maintenance. Receives only critical security and bug fixes.</div>
</div>
<div class="kernel-card">
<div class="k-version">6.12.80</div>
<div class="k-branch">Longterm &mdash; Alfred RC4&ndash;RC6</div>
<div class="k-desc">Debian Trixie's default kernel. Alfred Linux RC4&ndash;RC6 shipped on this branch before RC7 leapfrogged to kernel 7.0. Rock-solid LTS, extensively patched.</div>
</div>
<div class="kernel-card">
<div class="k-version">6.6.132</div>
<div class="k-branch">Longterm</div>
<div class="k-desc">Another LTS branch. Known for broad hardware support and mature driver stack. Used by some Ubuntu LTS releases.</div>
</div>
<div class="kernel-card">
<div class="k-version">6.1.167</div>
<div class="k-branch">Longterm (Previous)</div>
<div class="k-desc">The Debian Bookworm kernel. Alfred Linux v2.0 shipped on this branch. Proven, hardened, and the backbone of millions of Debian servers worldwide.</div>
</div>
<div class="kernel-card">
<div class="k-version">5.15.202</div>
<div class="k-branch">Longterm (Legacy)</div>
<div class="k-desc">Previous generation LTS. Still maintained but winding down. Ubuntu 22.04 LTS ships this kernel.</div>
</div>
<div class="kernel-card">
<div class="k-version">5.10.252</div>
<div class="k-branch">Longterm (Legacy)</div>
<div class="k-desc">Oldest actively maintained kernel. Used by Debian Bullseye (11) and some embedded systems. Approaching end-of-life.</div>
</div>
</div>
<!-- ═══ KERNEL ROADMAP ═══ -->
<h2 id="kernel-roadmap">Kernel Upgrade Roadmap</h2>
<p>Alfred Linux is now on <strong>kernel 7.0.0-rc7</strong> &mdash; the first distro on earth to ship kernel 7. Here's the full trajectory:</p>
<div class="info-card success">
<h4>The Path to Kernel 7.0</h4>
<p>Linux kernels are modular &mdash; upgrading requires rebuilding the ISO with the new kernel. Alfred Linux's build system (live-build + 16 custom hooks) makes this manageable. For kernel 7.0, we compiled directly from Linus Torvalds' source tree, adapted Debian Trixie's production config, and built custom .deb packages. The kernel is one hook in our build pipeline.</p>
</div>
<table class="spec-table">
<thead>
<tr><th>Phase</th><th>Target Kernel</th><th>Why</th><th>Status</th></tr>
</thead>
<tbody>
<tr>
<td><strong>v2.0 (Legacy)</strong></td>
<td><code>6.1.0-44</code></td>
<td>Debian Bookworm default. Rock-solid stability. First bootable ISO.</td>
<td>&check; April 2026</td>
</tr>
<tr>
<td><strong>v4.0 RC4&ndash;RC6</strong></td>
<td><code>6.12.74</code></td>
<td>Rebased to Debian Trixie. EEVDF scheduler, Rust-in-kernel, UEFI+BIOS hybrid boot.</td>
<td>&check; April 2026</td>
</tr>
<tr>
<td><strong>v4.0 RC7</strong></td>
<td><code>7.0.0-rc7</code></td>
<td>Custom-compiled from Torvalds' mainline. 3 exclusive mitigations (ITS, TSA, VMSCAPE). 12 security gaps patched. First distro on kernel 7.</td>
<td>&check; April 6, 2026</td>
</tr>
<tr style="background:rgba(52,211,153,0.08);">
<td><strong>v4.0 RC8 (NOW)</strong></td>
<td><code>7.0.0-rc7</code></td>
<td>Enterprise security hardening: 32 modules, 3 dedicated security hooks, FDE, AppArmor, fail2ban, AIDE, ClamAV, nftables default-deny. 16 build hooks.</td>
<td><strong>&check; April 7, 2026</strong></td>
</tr>
<tr>
<td><strong>v5.0 (Next)</strong></td>
<td><code>7.0-stable or 7.1</code></td>
<td>Kernel 7.0 stable release with full testing. RANDSTRUCT enabled (compile-time fix for gap #11).</td>
<td>Summer 2026</td>
</tr>
</tbody>
</table>
<h3>What a Newer Kernel Gets Us</h3>
<ul>
<li><strong>Better Hardware Support</strong> &mdash; Every kernel release adds hundreds of new device drivers. Latest NVIDIA, AMD, Intel, Qualcomm, and Broadcom hardware. WiFi 7, USB4, Thunderbolt 5, PCIe Gen 5 NVMe.</li>
<li><strong>Performance Gains</strong> &mdash; The kernel scheduler (EEVDF in 6.6+), memory management (MGLRU), and I/O subsystem improve substantially with each release. 6.12+ benchmarks show 5-15% improvements over 6.1 in many workloads.</li>
<li><strong>Security Features</strong> &mdash; Newer kernels include improved address-space randomization, better speculative execution mitigations, shadow stacks (Intel CET), and Rust-based kernel modules for memory safety.</li>
<li><strong>Rust in the Kernel</strong> &mdash; Starting with 6.1, the kernel supports Rust as a second language alongside C. This is revolutionary for memory safety. Each newer version expands Rust support significantly.</li>
<li><strong>eBPF Improvements</strong> &mdash; Extended BPF for tracing, security, and networking gets more powerful with each release, enabling better Alfred-level system monitoring and AI-driven kernel optimization.</li>
</ul>
<div class="info-card amber">
<h4>Alfred Linux Already Ships the Latest Kernel</h4>
<p>With RC8, Alfred Linux is the <strong>first distro on earth shipping Linux kernel 7.0</strong> — now with <strong>32 security modules</strong> across 3 dedicated hooks. Custom-compiled from Linus Torvalds' mainline source tree, with Debian Trixie's production config as the base. This isn't a random git snapshot &mdash; it's the official 7.0-rc7 release from kernel.org, built with <code>make bindeb-pkg</code> on 8 cores, adapted via <code>make olddefconfig</code>, and hardened with 16 boot security parameters, 45+ sysctl CIS L2 rules, a 30+ module blacklist, an nftables drop-by-default firewall, AppArmor enforced, fail2ban, AIDE file integrity, ClamAV antivirus, and LUKS2 full-disk encryption. No other distro does this.</p>
</div>
<!-- ═══ BUILD HISTORY ═══ -->
<h2 id="build-history">Build History</h2>
<p>Alfred Linux v2.0 was developed through a rigorous incremental build pipeline. Each build added one major component and was tested before the next layer was added. Here is the complete build record:</p>
<h3>v1.0 &mdash; Foundation (14 builds)</h3>
<p>The original Alfred Linux v1.0 went through 14 iterative builds to establish the base operating system, desktop environment, and basic voice integration. The final v1.0 ISO was 1.5 GB and proved the concept: a bootable Linux desktop with AI voice integration.</p>
<h3>v2.0 &mdash; Full Stack (9+ builds)</h3>
<div class="build-timeline">
<div class="build-entry">
<div><span class="build-badge badge-alpha">b1</span></div>
<div class="build-date">2026-04-04</div>
<div class="build-desc"><strong>Foundation</strong> &mdash; Base Debian Bookworm + XFCE4 + Plymouth + Branding + Hardening</div>
<div class="build-size">~1.2 GB</div>
</div>
<div class="build-entry">
<div><span class="build-badge badge-beta">b2</span></div>
<div class="build-date">2026-04-04</div>
<div class="build-desc"><strong>+ Alfred Browser</strong> &mdash; Replaced Firefox-ESR with Alfred Browser (Tauri + WebKitGTK)</div>
<div class="build-size">1.4 GB</div>
</div>
<div class="build-entry">
<div><span class="build-badge badge-beta">b3</span></div>
<div class="build-date">2026-04-04</div>
<div class="build-desc"><strong>+ Alfred IDE</strong> &mdash; VS Code-compatible IDE (powered by code-server 4.114.0) + Commander extension for AI-powered development</div>
<div class="build-size">1.6 GB</div>
</div>
<div class="build-entry">
<div><span class="build-badge badge-beta">b4</span></div>
<div class="build-date">2026-04-05</div>
<div class="build-desc"><strong>+ Alfred Voice</strong> &mdash; Kokoro TTS + PyTorch CPU + spaCy NLP + welcome greeting service</div>
<div class="build-size">2.2 GB</div>
</div>
<div class="build-entry">
<div><span class="build-badge badge-beta">b5</span></div>
<div class="build-date">2026-04-05</div>
<div class="build-desc"><strong>+ Alfred Search</strong> &mdash; Meilisearch local search engine for offline-first instant search</div>
<div class="build-size">2.3 GB</div>
</div>
<div class="build-entry">
<div><span class="build-badge badge-beta">b6</span></div>
<div class="build-date">2026-04-05</div>
<div class="build-desc"><strong>+ Calamares Installer</strong> &mdash; Full graphical disk installer with Alfred branding and encryption</div>
<div class="build-size">2.3 GB</div>
</div>
<div class="build-entry">
<div><span class="build-badge badge-rc">RC1</span></div>
<div class="build-date">2026-04-05</div>
<div class="build-desc"><strong>Release Candidate 1</strong> &mdash; All 6 layers combined, first full integration test</div>
<div class="build-size">2.3 GB</div>
</div>
<div class="build-entry">
<div><span class="build-badge badge-rc">RC2</span></div>
<div class="build-date">2026-04-05</div>
<div class="build-desc"><strong>Release Candidate 2</strong> &mdash; Bug fixes, latest security patches applied</div>
<div class="build-size">2.3 GB</div>
</div>
<div class="build-entry" style="border-color: rgba(52,211,153,0.3); background: rgba(52,211,153,0.05);">
<div><span class="build-badge badge-rc">RC3</span></div>
<div class="build-date">2026-04-06</div>
<div class="build-desc"><strong>Release Candidate 3</strong> &mdash; Critical boot fix (kernel naming), splash template fix, binary hook for generic kernel names, kernel 6.1.0-44. <strong>First bootable ISO.</strong></div>
<div class="build-size">2.5 GB</div>
</div>
</div>
<h3>v4.0 &mdash; &ldquo;The People&rsquo;s OS&rdquo; (Trixie Rebase + 4 New Features)</h3>
<div class="build-timeline">
<div class="build-entry">
<div><span class="build-badge badge-beta">RC4</span></div>
<div class="build-date">2026-04-06</div>
<div class="build-desc"><strong>Trixie Rebase</strong> &mdash; Rebased from Debian Bookworm to Trixie (13), kernel 6.12, UEFI+BIOS hybrid boot. Voice hook fixed for Trixie (venv + --only-binary spacy).</div>
<div class="build-size">~2.5 GB</div>
</div>
<div class="build-entry" style="border-color: rgba(52,211,153,0.3); background: rgba(52,211,153,0.05);">
<div><span class="build-badge badge-rc">RC5</span></div>
<div class="build-date">2026-04-06</div>
<div class="build-desc"><strong>Full v4.0 Stack</strong> &mdash; All 10 hooks: Welcome App (7-page wizard), Alfred Store (Flatpak center), Voice 2.0 (&ldquo;Hey Alfred&rdquo; wake word), alfred-update, alfred-info, version check API. Calamares v4.0 branding.</div>
<div class="build-size">~2.5 GB</div>
</div>
<div class="build-entry" style="border-color: rgba(52,211,153,0.5); background: rgba(52,211,153,0.08);">
<div><span class="build-badge badge-rc">RC6</span></div>
<div class="build-date">2026-04-06</div>
<div class="build-desc"><strong>Hardware + Installer Fix</strong> &mdash; All 12 hooks: universal hardware support + security hardening (drivers, firmware, GPU, WiFi, Bluetooth, input devices, power mgmt, auto-detect 3-tier), install-or-try dialog on live boot, XFCE desktop trust fix, Kyber-1024 branding. Calamares now visible and launchable.</div>
<div class="build-size">~2.5 GB</div>
</div>
<div class="build-entry" style="border-color: rgba(99,102,241,0.4); background: rgba(99,102,241,0.06);">
<div><span class="build-badge badge-rc">RC7</span></div>
<div class="build-date">2026-04-06</div>
<div class="build-desc"><strong>KERNEL 7.0 &mdash; FIRST DISTRO ON EARTH</strong> &mdash; All 13 hooks. Linux kernel 7.0.0-rc7 custom-compiled from Linus Torvalds' mainline source tree. 3 kernel-7-exclusive mitigations: ITS, TSA, VMSCAPE. 24 compiled-in CPU vulnerability mitigations. 12 default security gaps patched. Hook 0050 (kernel 7) + Hook 0160 (352-line security hardening).</div>
<div class="build-size">~2.5 GB</div>
</div>
<div class="build-entry" style="border-color: rgba(16,185,129,0.6); background: rgba(16,185,129,0.12); box-shadow: 0 0 20px rgba(16,185,129,0.15);">
<div><span class="build-badge badge-rc" style="background:linear-gradient(135deg,#10b981,#059669);">RC8</span></div>
<div class="build-date">2026-04-06</div>
<div class="build-desc"><strong>ENTERPRISE SECURITY &mdash; 32 MODULES, 3 NEW HOOKS</strong> &mdash; All 16 hooks. 3 dedicated security hooks: Hook 0160 Alfred Security (21 modules: sysctl CIS L2, kernel lockdown, AppArmor w/ custom Alfred IDE + Meilisearch profiles, auto-updates, fail2ban 3-try/24h, auditd 30+ immutable rules, DNS-over-TLS, USB security, module blacklist, PAM 10-char/3-class, AIDE file integrity, ClamAV weekly scan, rkhunter + chkrootkit, hidepid=2, secure mounts, banners, core dumps disabled, cron lockdown, compiler restriction, NTS time sync, alfred-security-status CLI). Hook 0165 Network Hardening (7 modules: MAC randomization, nftables default-deny, TCP wrappers, port scan defense, wireless hardening, SSH strong ciphers, alfred-network-status CLI). Hook 0170 Full Disk Encryption (4 modules: LUKS2 cryptsetup + initramfs, strong defaults, Calamares FDE checkbox, alfred-encrypt-status CLI). 19 new security packages. fastfetch replaces neofetch. DNS fix hook (0011). Resilient IDE/Voice hooks (set +e).</div>
<div class="build-size">~2.5 GB</div>
</div>
</div>
<h3>The Boot Fix Story</h3>
<p>RC1 and RC2 were successfully built but contained a critical boot defect that was discovered during ISO inspection: the bootloader referenced <code>/live/vmlinuz</code> and <code>/live/initrd.img</code>, but the ISO only contained the versioned files (<code>vmlinuz-6.1.0-44-amd64</code>). This meant the ISOs would fail to boot on any hardware.</p>
<p>The fix was a build hook that runs as the absolute last step (hook #9999) in the chroot phase, creating copies of the kernel and initramfs with the generic names that the bootloader expects. RC3 is the first build with this fix and the latest Debian security patches (kernel 6.1.0-44, including WebKit, OpenSSL, ImageMagick, and GStreamer security updates).</p>
<!-- ═══ COMPONENTS ═══ -->
<h2 id="components">Bundled Components</h2>
<p>Every component is pre-installed and configured. No package manager needed for the core experience.</p>
<div class="component-grid">
<div class="component-card">
<h4>Alfred Browser</h4>
<div class="c-version">v4.0.0 &mdash; Tauri + WebKitGTK</div>
<p>Zero-telemetry sovereign web browser. 4.7 MB. No Google Services, no ad tracking, no phone-home. Set as the system default browser, replacing Firefox entirely.</p>
</div>
<div class="component-card">
<h4>Alfred IDE</h4>
<div class="c-version">Alfred IDE 1.0 (code-server 4.114.0 + Commander 1.0.1)</div>
<p>Full Visual Studio Code in the browser. The Alfred Commander extension provides AI chat, voice commands, and MCP tool integration. Runs on port 8443.</p>
</div>
<div class="component-card">
<h4>Alfred Voice</h4>
<div class="c-version">Kokoro TTS + PyTorch CPU</div>
<p>Text-to-speech engine running entirely offline. No cloud API needed. Speaks on first boot with a welcome greeting. spaCy NLP for natural language processing.</p>
</div>
<div class="component-card">
<h4>Alfred Search</h4>
<div class="c-version">Meilisearch (latest)</div>
<p>Lightning-fast local search engine. Indexes all local files and documentation. Sub-50ms search results. No internet connection required.</p>
</div>
<div class="component-card">
<h4>Calamares Installer</h4>
<div class="c-version">v3.2.x + Alfred v4.0 Branding</div>
<p>Graphical disk installer for permanent installation. Supports LUKS full-disk encryption, alongside/replace partitioning, and automated install modes.</p>
</div>
<div class="component-card">
<h4>Desktop Environment</h4>
<div class="c-version">XFCE 4.18 + LightDM</div>
<p>Lightweight, fast desktop with Arc dark theme, Papirus icons, JetBrains Mono font, and custom bash prompt. Branded fastfetch with Alfred ASCII art.</p>
</div>
</div>
<h3>New in v4.0</h3>
<div class="component-grid">
<div class="component-card">
<h4>Welcome App</h4>
<div class="c-version">v4.0 &mdash; Python/Tk</div>
<p>7-page first-boot wizard: voice setup, WiFi config, tool launcher, P2P seeding opt-in, keyboard shortcuts. Runs once, remembers. Dark branded UI.</p>
</div>
<div class="component-card">
<h4>Alfred Store</h4>
<div class="c-version">v4.0 &mdash; Flatpak + Flathub</div>
<p>App center with 6 curated categories: Featured, Development, Communication, Media, Games, Privacy. Search, one-click install, threaded background updates.</p>
</div>
<div class="component-card">
<h4>Voice 2.0 Wake Word</h4>
<div class="c-version">openWakeWord &mdash; systemd service</div>
<p>Always-on &ldquo;Hey Alfred&rdquo; wake word detection. Runs as a systemd service with 3-second cooldown and configurable audio threshold.</p>
</div>
<div class="component-card">
<h4>alfred-update &amp; alfred-info</h4>
<div class="c-version">CLI tools &mdash; /usr/local/bin/</div>
<p><code>alfred-update</code>: one-command APT + Flatpak + Alfred version check. <code>alfred-info</code>: branded system info panel showing version, kernel, uptime, memory, disk, services.</p>
</div>
</div>
<h3>Security Stack</h3>
<div class="component-grid">
<div class="component-card">
<h4>nftables Firewall</h4>
<div class="c-version">Default-deny + UFW frontend</div>
<p>nftables drop-by-default firewall with rate-limited SSH and ICMP. UFW frontend available for management. Only essential services allowed through.</p>
</div>
<div class="component-card">
<h4>Fail2ban</h4>
<div class="c-version">v1.0.2</div>
<p>Intrusion prevention system monitoring SSH, web, and other services. Automatically bans repeated failed login attempts.</p>
</div>
<div class="component-card">
<h4>SSH Hardening</h4>
<div class="c-version">OpenSSH (hardened config)</div>
<p>Root login disabled, password auth disabled by default, key-based only. Configured during build with security-first defaults.</p>
</div>
<div class="component-card">
<h4>WireGuard VPN</h4>
<div class="c-version">Kernel module included</div>
<p>Modern VPN built into the kernel. Ready for mesh networking, sovereign infrastructure, and peer-to-peer encrypted tunnels.</p>
</div>
</div>
<!-- ═══ BUILD SYSTEM ═══ -->
<h2 id="build-system">Build System</h2>
<p>Alfred Linux ISOs are built using <strong>Debian live-build</strong>, the same system used to produce official Debian Live images. The build process is fully automated and reproducible.</p>
<h3>Build Pipeline</h3>
<div class="code-block">
<span class="comment"># Alfred Linux uses a 3-phase build pipeline:</span>
<span class="keyword">Phase 1: Bootstrap</span>
debootstrap creates a minimal Debian chroot (~400 MB)
Base packages installed: dpkg, apt, bash, coreutils
<span class="keyword">Phase 2: Chroot</span>
<span class="number">1,000+</span> packages installed into the chroot
16 build hooks execute sequentially:
<span class="string">0010</span> &mdash; Fix Debian security repository URL format
<span class="string">0011</span> &mdash; Fix chroot DNS resolution (forcibly writes /etc/resolv.conf)
<span class="string">0100</span> &mdash; Alfred branding (Plymouth, fastfetch, XFCE config, hardening)
<span class="string">0150</span> &mdash; Alfred Hardware (universal drivers, firmware, input devices, GPU, WiFi, Bluetooth, power mgmt, auto-detect)
<span class="string">0160</span> &mdash; <strong>Alfred Security</strong> (21 modules: sysctl CIS L2, kernel lockdown, AppArmor w/ custom profiles, auto-updates, fail2ban, auditd 30+ rules, DNS-over-TLS, USB security, module blacklist, PAM hardening, AIDE, ClamAV, rkhunter + chkrootkit, hidepid, secure mounts, banners, core dumps, cron lockdown, compiler restriction, NTS time sync, alfred-security-status CLI)
<span class="string">0165</span> &mdash; <strong>Alfred Network Hardening</strong> (7 modules: MAC randomization, nftables default-deny, TCP wrappers, port scan defense, wireless hardening, SSH strong ciphers, alfred-network-status CLI)
<span class="string">0170</span> &mdash; <strong>Alfred Full Disk Encryption</strong> (4 modules: LUKS2 cryptsetup + initramfs, strong defaults, Calamares FDE checkbox, alfred-encrypt-status CLI)
<span class="string">0200</span> &mdash; Alfred Browser (remove Firefox, install .deb, set default)
<span class="string">0300</span> &mdash; Alfred IDE (VS Code-compatible IDE + Commander extension)
<span class="string">0400</span> &mdash; Alfred Voice (Kokoro TTS + PyTorch CPU + spaCy, venv-isolated)
<span class="string">0500</span> &mdash; Alfred Search (Meilisearch binary)
<span class="string">0600</span> &mdash; Calamares installer (KF5/Qt5 + v4.0 branding + LUKS2 FDE)
<span class="string">0700</span> &mdash; Welcome App (7-page Python/Tk first-boot wizard)
<span class="string">0710</span> &mdash; alfred-update + alfred-info CLI tools + version check API
<span class="string">0800</span> &mdash; Alfred Store (Flatpak app center + Flathub + 6 categories)
<span class="string">0900</span> &mdash; Voice 2.0 (openWakeWord &ldquo;Hey Alfred&rdquo; wake word service)
<span class="string">9999</span> &mdash; Kernel name fix (ensures /boot/vmlinuz exists)
<span class="keyword">Phase 3: Binary</span>
Security updates applied to chroot
chroot compressed to squashfs (~2.3 GB → filesystem.squashfs)
Bootloader configured (ISOLINUX/syslinux)
ISO assembled (xorriso) as hybrid ISO (USB + CD bootable)
</div>
<h3>Build Infrastructure</h3>
<table class="spec-table">
<thead><tr><th>Component</th><th>Specification</th></tr></thead>
<tbody>
<tr><td><strong>Build Server</strong></td><td>GoSiteMe dedicated build server, 8 cores, 32 GB RAM</td></tr>
<tr><td><strong>Build OS</strong></td><td>Ubuntu 22.04 LTS</td></tr>
<tr><td><strong>Build Tool</strong></td><td>live-build 3.0 (Ubuntu variant)</td></tr>
<tr><td><strong>Compression</strong></td><td>squashfs with gzip (8 threads parallel)</td></tr>
<tr><td><strong>ISO Tool</strong></td><td>xorriso with ISOLINUX hybrid boot</td></tr>
<tr><td><strong>Build Time</strong></td><td>~15 minutes (full rebuild from clean)</td></tr>
<tr><td><strong>Network</strong></td><td>1 Gbps dedicated link to Debian mirrors</td></tr>
</tbody>
</table>
<!-- ═══ SYSTEM SPECS ═══ -->
<h2 id="specs">System Specifications</h2>
<h3>ISO Details</h3>
<table class="spec-table">
<thead><tr><th>Property</th><th>Value</th></tr></thead>
<tbody>
<tr><td><strong>Base</strong></td><td>Debian 13 (Trixie)</td></tr>
<tr><td><strong>Kernel</strong></td><td>Linux 7.0.0-rc7 (amd64, custom-compiled)</td></tr>
<tr><td><strong>Architecture</strong></td><td>x86_64 (amd64)</td></tr>
<tr><td><strong>ISO Type</strong></td><td>Hybrid (USB stick + CD/DVD bootable, UEFI + BIOS)</td></tr>
<tr><td><strong>ISO Size</strong></td><td>~2.5 GB</td></tr>
<tr><td><strong>Desktop</strong></td><td>XFCE 4.18 + LightDM</td></tr>
<tr><td><strong>Init System</strong></td><td>systemd</td></tr>
<tr><td><strong>Package Format</strong></td><td>APT (.deb)</td></tr>
<tr><td><strong>Boot Firmware</strong></td><td>UEFI + BIOS (ISOLINUX/GRUB hybrid)</td></tr>
<tr><td><strong>License</strong></td><td>AGPL-3.0</td></tr>
</tbody>
</table>
<h3>Minimum Requirements</h3>
<table class="spec-table">
<thead><tr><th>Component</th><th>Minimum</th><th>Recommended</th></tr></thead>
<tbody>
<tr><td><strong>RAM</strong></td><td>4 GB</td><td>16 GB</td></tr>
<tr><td><strong>Storage</strong></td><td>32 GB</td><td>256 GB NVMe</td></tr>
<tr><td><strong>CPU</strong></td><td>2 cores, x86_64</td><td>8+ cores</td></tr>
<tr><td><strong>GPU</strong></td><td>Any (VESA fallback)</td><td>AMD/NVIDIA with open drivers</td></tr>
<tr><td><strong>Network</strong></td><td>Optional (works offline)</td><td>Ethernet or WiFi</td></tr>
<tr><td><strong>Boot</strong></td><td>USB 2.0 or CD/DVD</td><td>USB 3.0+</td></tr>
</tbody>
</table>
<h3>Pre-installed Package Highlights</h3>
<table class="spec-table">
<thead><tr><th>Category</th><th>Packages</th></tr></thead>
<tbody>
<tr><td><strong>Desktop</strong></td><td>xfce4, xfce4-goodies, thunar, xfce4-terminal, lightdm</td></tr>
<tr><td><strong>Media</strong></td><td>VLC, PulseAudio, ImageMagick</td></tr>
<tr><td><strong>Networking</strong></td><td>NetworkManager, WireGuard, curl, wget, OpenSSH</td></tr>
<tr><td><strong>Security</strong></td><td>nftables, AppArmor, fail2ban, auditd, AIDE, ClamAV, rkhunter, chkrootkit, GnuPG, KeePassXC</td></tr>
<tr><td><strong>Development</strong></td><td>git, vim, nano, python3, build-essential</td></tr>
<tr><td><strong>System</strong></td><td>htop, fastfetch, file-roller, gparted</td></tr>
<tr><td><strong>Fonts</strong></td><td>JetBrains Mono, Noto (full CJK support), Liberation</td></tr>
<tr><td><strong>Theming</strong></td><td>Arc theme, Papirus icons, Plymouth boot splash</td></tr>
</tbody>
</table>
<!-- ═══ SECURITY ═══ -->
<h2 id="security">Security Posture</h2>
<p>Alfred Linux ships <strong>32 security modules</strong> across 3 dedicated build hooks. Every default is chosen for defense, not convenience. RC8 delivers enterprise-grade hardening out of the box.</p>
<h3>Hook 0160 &mdash; Alfred Security (21 Modules)</h3>
<ul>
<li><strong>Kernel sysctl hardening</strong> &mdash; 45+ CIS Level 2 rules: ASLR=2, symlink/hardlink protection, SYN cookies, ICMP redirect blocking, source routing disabled, core dumps off</li>
<li><strong>Kernel lockdown</strong> &mdash; integrity mode enforced at boot</li>
<li><strong>AppArmor</strong> &mdash; Mandatory access control enforced with custom profiles for Alfred IDE and Meilisearch</li>
<li><strong>Unattended-upgrades</strong> &mdash; Automatic security patches enabled by default</li>
<li><strong>Fail2ban</strong> &mdash; SSH brute-force protection (3 attempts → 24-hour ban)</li>
<li><strong>Auditd</strong> &mdash; 30+ immutable audit rules for system calls, file access, auth events</li>
<li><strong>DNS-over-TLS</strong> &mdash; Quad9 (9.9.9.9) + Cloudflare (1.1.1.1) encrypted DNS via systemd-resolved</li>
<li><strong>USB security</strong> &mdash; USBGuard-style logging + <code>alfred-usb-storage</code> toggle tool</li>
<li><strong>Module blacklisting</strong> &mdash; firewire, dccp, sctp, cramfs, freevxfs, hfs, jffs2, udf, thunderbolt DMA</li>
<li><strong>PAM hardening</strong> &mdash; 10-character minimum, 3 character classes, account lockout after failed attempts</li>
<li><strong>AIDE</strong> &mdash; File integrity monitoring with daily cron check + <code>alfred-aide-init</code> baseline tool</li>
<li><strong>ClamAV</strong> &mdash; Antivirus engine with weekly scheduled scan via <code>alfred-scan</code></li>
<li><strong>Rootkit detection</strong> &mdash; rkhunter + chkrootkit with weekly cron scans</li>
<li><strong>hidepid=2</strong> &mdash; Users cannot see other users' processes</li>
<li><strong>Secure mounts</strong> &mdash; /tmp with noexec,nosuid,nodev; /var/tmp and /dev/shm hardened</li>
<li><strong>Login banners</strong> &mdash; Legal warning banners on console and SSH</li>
<li><strong>Core dumps disabled</strong> &mdash; via sysctl + limits.conf + systemd</li>
<li><strong>Cron/at lockdown</strong> &mdash; Root-only access to scheduled tasks</li>
<li><strong>Compiler restriction</strong> &mdash; gcc/g++ restricted to 'dev' group only</li>
<li><strong>NTS time sync</strong> &mdash; Chrony with Network Time Security (authenticated NTP)</li>
<li><strong><code>alfred-security-status</code></strong> &mdash; CLI dashboard showing status of all 21 modules</li>
</ul>
<h3>Hook 0165 &mdash; Alfred Network Hardening (7 Modules)</h3>
<ul>
<li><strong>MAC randomization</strong> &mdash; WiFi and Ethernet interfaces use random MAC addresses per-connection</li>
<li><strong>nftables firewall</strong> &mdash; Default-deny ingress, allow established + ICMP + loopback only</li>
<li><strong>TCP wrappers</strong> &mdash; hosts.deny ALL:ALL, hosts.allow sshd from localhost</li>
<li><strong>Port scan defense</strong> &mdash; nftables rate-limiting rules against SYN flood and port scanning</li>
<li><strong>Wireless hardening</strong> &mdash; WPS disabled, strong WPA supplicant defaults</li>
<li><strong>SSH strong ciphers</strong> &mdash; chacha20-poly1305, aes256-gcm only; ed25519 + sntrup761x25519 key exchange</li>
<li><strong><code>alfred-network-status</code></strong> &mdash; CLI dashboard showing firewall, MAC, SSH cipher status</li>
</ul>
<h3>Hook 0170 &mdash; Full Disk Encryption (4 Modules)</h3>
<ul>
<li><strong>LUKS2 support</strong> &mdash; cryptsetup + cryptsetup-initramfs installed and configured</li>
<li><strong>Strong defaults</strong> &mdash; aes-xts-plain64, sha512, 4096-bit key, argon2id KDF</li>
<li><strong>Calamares FDE</strong> &mdash; enableLuksAutomatedPartitioning checkbox enabled in installer</li>
<li><strong><code>alfred-encrypt-status</code></strong> &mdash; CLI tool to check encryption status of all block devices</li>
</ul>
<h3>Foundational Security</h3>
<ul>
<li><strong>Zero Telemetry</strong> &mdash; No phone-home, no crash reporting, no usage analytics. The OS does not contact any server unless you tell it to.</li>
<li><strong>24 CPU mitigations</strong> &mdash; Spectre v1/v2/BHI, Meltdown, MDS, TAA, MMIO, RFDS, SRBDS, L1TF, SSB, ITS, TSA, VMSCAPE compiled in</li>
<li><strong>16 boot parameters</strong> &mdash; init_on_alloc, init_on_free, slab_nomerge, pti=on, lockdown=integrity, debugfs=off, io_uring_disabled, tsx=off, vsyscall=none</li>
<li><strong>WireGuard Ready</strong> &mdash; VPN kernel module pre-loaded for encrypted mesh networking</li>
<li><strong>Auditable Build</strong> &mdash; Every ISO is built from a documented script. SHA-256 + BLAKE3 checksums are published for every release</li>
</ul>
<!-- ═══ ISO DETAILS ═══ -->
<h2 id="iso-details">Download &amp; Verify</h2>
<div class="info-card success">
<h4>Latest Release: Alfred Linux 4.0 RC8</h4>
<p>Download the ISO and verify the SHA-256 + BLAKE3 checksums before booting. Write to USB with <code>dd</code>, Balena Etcher, or Rufus.</p>
</div>
<div class="code-block">
<span class="comment"># Download</span>
wget https://alfredlinux.com/downloads/alfred-linux-4.0-rc8-amd64.iso
<span class="comment"># Verify checksum</span>
wget https://alfredlinux.com/downloads/alfred-linux-4.0-rc8-amd64.iso.sha256
sha256sum -c alfred-linux-4.0-rc8-amd64.iso.sha256
<span class="comment"># Verify BLAKE3 (install: cargo install b3sum)</span>
b3sum alfred-linux-4.0-rc8-amd64.iso
<span class="comment"># Expected: e021d2024599aa918972d9e6b9fd9c1d97d226ac69da035913fd7a462dbef47d</span>
<span class="comment"># Write to USB (replace /dev/sdX with your USB device)</span>
sudo dd if=alfred-linux-4.0-rc8-amd64.iso of=/dev/sdX bs=4M status=progress oflag=sync
<span class="comment"># Boot</span>
<span class="comment"># Restart your computer and boot from USB</span>
<span class="comment"># Select "Alfred Linux 4.0 (Live)" from the boot menu</span>
</div>
<!-- ═══ MOBILE ═══ -->
<h2 id="mobile">Alfred Linux Mobile (Android)</h2>
<p>Alfred Linux runs on Android phones and tablets — Samsung Galaxy S26 Ultra, Pixel, OnePlus, any device running Android 12+. No root required. Uses Termux + proot-distro to run a full Debian Bookworm environment with all Alfred components.</p>
<div class="info-card success">
<h4>What You Get on Mobile</h4>
<p><strong>Alfred IDE</strong> (powered by code-server — the same VS Code engine used by enterprise teams worldwide, running entirely on your device) &middot; <strong>Alfred Search</strong> (Meilisearch) &middot; <strong>Alfred Voice</strong> (Kokoro TTS) &middot; Full Linux terminal &middot; Python, Node.js, Git, and build tools. With Samsung DeX, plug into a monitor and you have a full desktop development environment.</p>
</div>
<h3>Quick Install</h3>
<div class="code-block">
<span class="comment"># 1. Install Termux from F-Droid (NOT Google Play)</span>
<span class="comment"># https://f-droid.org/en/packages/com.termux/</span>
<span class="comment"># 2. Open Termux and run:</span>
curl -fsSL https://alfredlinux.com/downloads/install-alfred-mobile.sh | bash
<span class="comment"># 3. After install, use these commands:</span>
alfred <span class="comment"># Enter Alfred Linux shell</span>
alfred-ide <span class="comment"># Launch Alfred IDE in browser</span>
alfred-info <span class="comment"># Show system info</span>
</div>
<h3>Requirements</h3>
<ul>
<li><strong>Android 12+</strong> (Samsung One UI 4+, Pixel 6+, etc.)</li>
<li><strong>4 GB free storage</strong> for the full Alfred environment</li>
<li><strong>Termux</strong> from F-Droid (the Google Play version is deprecated)</li>
<li><strong>Optional:</strong> Termux:Widget for home screen shortcuts</li>
<li><strong>Optional:</strong> Samsung DeX for desktop-mode IDE experience</li>
</ul>
<h3>Samsung DeX Integration</h3>
<p>When connected to an external display via USB-C or Miracast, Samsung DeX provides a desktop-like environment. Launch <code>alfred-ide</code>, open your browser, and you have a full VS Code IDE on a large screen — powered entirely by your phone. Alfred IDE runs on code-server, the same engine powering VS Code for the Web at major companies. The Samsung S26 Ultra with 12GB RAM and Snapdragon 8 Elite runs it smoothly.</p>
<h3>Architecture Notes</h3>
<p>Mobile Alfred Linux runs on <strong>ARM64 (aarch64)</strong> inside a proot container. The Debian userspace is real — you can install any Debian package with <code>apt</code>. The kernel is Android's, but everything above it is standard Debian Bookworm. This means:</p>
<ul>
<li>Full <code>apt</code> package manager — install anything from Debian repos</li>
<li>Python, Node.js, Ruby, Go, Rust — all work natively on ARM64</li>
<li>No root needed — proot translates system calls without kernel modifications</li>
<li>Persistent storage — your files survive Termux restarts</li>
<li>Network access — uses Android's network stack transparently</li>
</ul>
<!-- ═══ CONTRIBUTING ═══ -->
<h2 id="contribute">Contributing</h2>
<p>Alfred Linux is open source under the AGPL-3.0 license. Contributions are welcome and rewarded with GSM tokens.</p>
<h3>How to Contribute</h3>
<ul>
<li><strong>Report Bugs</strong> &mdash; Test the ISO and report any issues. Boot failures, hardware incompatibilities, broken features. 10-50 GSM per confirmed bug.</li>
<li><strong>Submit Patches</strong> &mdash; Fix bugs or add features via pull requests. 100-1,000 GSM per merged feature.</li>
<li><strong>Write Documentation</strong> &mdash; Help expand this documentation, write tutorials, create videos. 50-500 GSM per contribution.</li>
<li><strong>Test Hardware</strong> &mdash; Boot Alfred Linux on your hardware and report compatibility. We need coverage across laptops, desktops, and servers.</li>
<li><strong>Translate</strong> &mdash; Help bring Alfred Linux to your language. Localization is a priority for v3.0.</li>
</ul>
<h3>Build It Yourself</h3>
<div class="code-block">
<span class="comment"># Requirements: Debian/Ubuntu with sudo, 32GB RAM recommended, 50GB free disk</span>
<span class="comment"># Install dependencies</span>
sudo apt install live-build debootstrap squashfs-tools xorriso isolinux syslinux-common syslinux
<span class="comment"># Clone the build scripts</span>
git clone https://alfredlinux.com/forge/commander/alfred-linux.git
cd alfred-linux
<span class="comment"># Build the full RC8 ISO</span>
sudo bash scripts/build-unified.sh rc8
<span class="comment"># Output: iso-output/alfred-linux-4.0-rc8-amd64-YYYYMMDD.iso</span>
</div>
<div class="info-card">
<h4>Build Requirements</h4>
<p><strong>OS:</strong> Debian 12+ or Ubuntu 22.04+ &mdash; <strong>CPU:</strong> 4+ cores &mdash; <strong>RAM:</strong> 16 GB minimum (32 GB recommended) &mdash; <strong>Disk:</strong> 50 GB free &mdash; <strong>Time:</strong> ~15 minutes on modern hardware</p>
</div>
<h2 style="margin-top:4rem;">What's Next</h2>
<p>Alfred Linux v4.0 is the fully-loaded foundation. The next milestones are:</p>
<ul>
<li><strong>ARM64 build</strong> &mdash; Raspberry Pi 4/5 and Apple Silicon support</li>
<li><strong>Wayland desktop</strong> &mdash; XFCE on Wayland (wlroots) for the Alfred Desktop Environment</li>
<li><strong>Whisper STT integration</strong> &mdash; Voice input via OpenAI Whisper running locally on GPU</li>
<li><strong>Custom wake word model</strong> &mdash; Train a dedicated &ldquo;Hey Alfred&rdquo; model instead of using the built-in closest match</li>
<li><strong>GSM wallet &amp; mining</strong> &mdash; Built-in token wallet and compute contribution system</li>
<li><strong>Secure Boot signing</strong> &mdash; Microsoft-signed shim for Secure Boot compatibility</li>
<li><strong>Auto-update channel</strong> &mdash; alfred-update with delta/OTA patches instead of full ISO rebuilds</li>
</ul>
</main>
</div>
<!-- ═══ FOOTER ═══ -->
<footer>
<p>&copy; <?= $year ?> <a href="https://gositeme.com">GoSiteMe Inc.</a> &mdash; Alfred Linux &middot; Open Source (AGPL-3.0)</p>
</footer>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink