• 0 Posts
  • 7 Comments
Joined 5 months ago
Cake day: June 4th, 2025


  • I think the basic premise of this question, that Windows and Linux somehow have a different foundational security model that is or isn’t based on passwords, is not really true. Passwords play more or less the same role for any modern operating system – be it Linux, macOS, Android, iOS, etc.

    The only major difference is that instead of UAC, Linux has a variety of options (sudo, policykit, run0), which are implemented differently across different distributions. If your privileged user doesn’t have a password, in some cases this could lead to any program being able to elevate its privileges quietly, unlike UAC.

    However, in many distributions you can set up a user with a password and enable passwordless local login, which would be almost equivalent to Windows with no password.

    Answering your question directly, the major threat to most consumer users is physical compromise or theft of device. Your statement that “physical access is game over” is not entirely accurate: disk encryption with a password is a very strong protection against unauthorized data access, but you need to use a password (doesn’t matter if it’s Linux or Windows).
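The check a practitioner usually wants after reading the comment above is whether anything running as their user can reach root without a password being typed. The script below is an added example and not the commenter's code: live_check asks sudo non-interactively, nopasswd_rules pulls NOPASSWD rules out of sudoers-format text, and nopasswd_for keeps only the rules that apply to a given user and group list. The function names, the file name in the usage comment and the sample sudoers text are all mine; the sample is constructed and not taken from any real host.

```shell
#!/bin/sh
# Added example, not the commenter's code. Two checks for the question
# "can something running as my user become root without typing a password?"
# Function names and the sample sudoers text below are mine (constructed).

# live_check: ask sudo non-interactively. Never prompts. Prints one of
#   no-sudo | passwordless | password-required
# Note: "passwordless" also covers a still-valid cached sudo ticket, which
# is exactly the window a program running as you could use quietly.
live_check() {
    if ! command -v sudo >/dev/null 2>&1; then
        echo no-sudo
        return 0
    fi
    if sudo -n true >/dev/null 2>&1; then
        echo passwordless
    else
        echo password-required
    fi
}

# nopasswd_rules: read sudoers-format text on stdin, print every rule that
# grants NOPASSWD. Comment lines are dropped, but "#1000"-style uid specs
# and #include/#includedir lines are kept. Included files, User_Alias or
# Cmnd_Alias expansion and backslash continuations are NOT handled, so
# feed /etc/sudoers.d/* in explicitly (see usage below).
nopasswd_rules() {
    awk '
        /^[ \t]*#/ && !/^[ \t]*#[0-9]/ && !/^[ \t]*#include/ { next }
        /^[ \t]*$/ { next }
        /NOPASSWD/ { print }
    '
}

# nopasswd_for USER "GROUP GROUP ...": keep only the NOPASSWD rules whose
# first field is USER, ALL, or %GROUP for one of the listed groups. Groups
# are passed in explicitly so the check also works on sudoers text
# captured from another machine.
nopasswd_for() {
    nopasswd_rules | awk -v u="$1" -v g=" $2 " '
        {
            who = $1
            if (who == u || who == "ALL") { print; next }
            if (substr(who, 1, 1) == "%" && index(g, " " substr(who, 2) " ") > 0) print
        }'
}

count_lines() { awk 'END { print NR + 0 }'; }

# Constructed sample, not taken from any real host.
SAMPLE_SUDOERS='# constructed sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
alice   ALL=(ALL) NOPASSWD: /usr/bin/apt
bob     ALL=(ALL) ALL
ALL     ALL=(root) NOPASSWD: /usr/bin/systemctl suspend
# deploy ALL=(ALL) NOPASSWD: ALL
@includedir /etc/sudoers.d'

# Usage on a live box, assuming this file is saved as sudo-audit.sh
# (sudoers is root-only readable, hence the sudo in front of cat):
#   sudo cat /etc/sudoers /etc/sudoers.d/* | sh sudo-audit.sh "$USER" "$(id -Gn)"
if [ $# -ge 1 ]; then
    nopasswd_for "$1" "${2:-$(id -Gn "$1" 2>/dev/null)}"
fi
```

On the sample text, alice gets two hits (her own apt rule and the ALL rule), bob gets two only if he is in wheel, and every user gets at least the ALL rule. A hit does not mean the box is misconfigured; it means a program running as that user can reach root through that command without a prompt, which is the point the comment makes about quiet elevation.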



  • Think about it this way: you’re downloading someone else’s code and running it on your system. The OS doesn’t care: it will give it access to everything your user has access to, but won’t give access to anything else.

    So (under the caveat below) the software won’t be able to mess with your system because your user generally can’t mess with your system. However, you still need to trust the software, since it will be able to access e.g. your saved passwords, SSH keys, install a keylogger, etc. In comparison, the binary packages can be seen as safer, because they have more “eyes” on them, and there is more time between the code being published and you running that code on your system.

    Caveat: if you run something like sudo make install, then, of course, the risk is way higher, and the package definitely will be able to mess with your system up to and including destroying it.
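The practical follow-up to the comment above is to read an install script or Makefile before running it, looking for exactly the two things it names: steps that escape what your user can touch (sudo, writes to system paths, setuid bits) and steps that reach the valuables your user can touch (shell rc files, ~/.ssh). The audit below is an added example, not the commenter's code and not part of any real project. It is heuristic pattern matching over the lines of a script, so every hit still has to be read by a person. The function names, the tag names, the file name in the usage comment and the sample installer are mine; the sample is constructed.

```shell
#!/bin/sh
# Added example, not the commenter's code: a read-before-you-run audit of a
# downloaded install script or Makefile. Heuristic grep, not a verdict.
# Function names, tags and the sample installer below are mine (constructed).

# audit_installer FILE: print "TAG line N: text" for each suspicious line.
# Comment lines (including the shebang) are skipped. First matching tag wins.
audit_installer() {
    awk '
    /^[ \t]*#/ { next }
    {
        tag = ""
        if ($0 ~ /(^|[^A-Za-z0-9_])(sudo|doas|pkexec)([^A-Za-z0-9_]|$)/)
            tag = "privesc"          # runs something as root
        else if ($0 ~ /(curl|wget)[^|]*[|][ \t]*(ba|z|da|k)?sh([ \t]|$)/)
            tag = "pipe-to-shell"    # executes remote content unread
        else if ($0 ~ /\.(bashrc|bash_profile|profile|zshrc|zprofile)([^A-Za-z0-9_]|$)|\.ssh\/|authorized_keys/)
            tag = "dotfiles"         # persistence or key access as your user
        else if ($0 ~ /chmod[ \t]+([ugoa]*\+[a-zA-Z]*s|[0-9]*[2-7][0-7][0-7][0-7])([^0-9]|$)/)
            tag = "setuid"           # leaves an elevation path behind
        else if ($0 ~ /(^|[ \t;&|])(cp|mv|install|tee|ln|mkdir|rm|chown|chmod|touch)[ \t]+.*[ \t=]\/(etc|usr|bin|sbin|lib|boot|opt|var)\/|>[ \t]*\/(etc|usr|bin|sbin|lib|boot|opt|var)\//)
            tag = "system-path"      # only works as root, so expect sudo nearby
        else if ($0 ~ /base64[ \t]+(-d|--decode)|(^|[^A-Za-z0-9_])eval([^A-Za-z0-9_]|$)/)
            tag = "obfuscation"      # code you cannot review by reading
        if (tag != "") printf "%-13s line %d: %s\n", tag, NR, $0
    }' "$1"
}

# audit_count FILE: number of flagged lines (0 means nothing matched).
audit_count() { audit_installer "$1" | awk 'END { print NR + 0 }'; }

# write_sample_installer PATH: constructed installer (not real software)
# that exercises each tag once, used for the self-test below.
write_sample_installer() {
    cat > "$1" <<'EOF'
#!/bin/sh
# constructed example installer
set -e
PREFIX=${PREFIX:-/usr/local}
make
sudo make install
curl -fsSL https://example.invalid/helper.sh | sh
cp extras/plugin.so $HOME/.local/lib/
echo 'export PATH=$PATH:/opt/tool/bin' >> ~/.bashrc
cat keys/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 4755 /usr/local/bin/tool
echo done
EOF
}

# Usage, assuming this file is saved as audit-installer.sh:
#   sh audit-installer.sh ./install.sh
if [ $# -ge 1 ]; then
    audit_installer "$1"
fi
```

On the constructed installer the audit flags five of twelve lines: the sudo step, the curl-to-sh step, the two dotfile writes and the chmod 4755. The cp into $HOME/.local and the PREFIX default are deliberately left alone, since they stay inside what an unprivileged user can already do; that is the distinction the comment draws between "can read my SSH keys" and "can destroy the system".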




  • You’re definitely not alone. The rift caused by the so-called “AI” is hard to cross with any sort of rational argument, it seems to be based largely on emotions, hype and herd mentality (which, some may say, is how top managers usually operate, see e.g. [1]).

    My personal principle for a very long time has been to choose my battles, as in, trying to not get involved in causes that are not worth it based on perceived impact, required effort and chances of good outcome. The “AI” bubble has been especially frustrating, as it inhabits an extremum of the “very important, very low chances of success” quadrant.

    Nevertheless, if you’re a hired employee or a contractor, it may be prudent to be pragmatic. How likely is it that you will be rewarded for doing something good for the company, such as convincing them to change the stance on “AI”? How likely is it that instead you will be blamed for the inevitable fallout of the bubble, or just become collateral, get laid off in the middle of what might be the biggest economic crash since 2008?

    [1] https://www.wheresyoured.at/the-era-of-the-business-idiot/