When you run OpenSUSE, you can feel it was made by Germans.
The installer is a beautiful example of German engineering.
The package manager is a perfect example of German over-engineering.
If you run it with KDE, you have 2 redundant GUI admin tools for every config in the system, and 4 for setting up printers.
As the former owner of an E36 and then an E90 I can tell you that the more modern ones still piss oil just as badly. And the consequences can be much worse (read: expensive) to boot.
NixOS is for people who have accidentally uninstalled 90% of their system because they didn’t pay attention to what other packages depend on the thing they were uninstalling and were desperately looking for a an undo button.
I'm still a Linux noob all things considered, and I've been using NixOS for six months or more.
It is HARD, but I see the true value of it. I will never need to reinstall Linux because I broke it, that's simply impossible.
If I ever need to migrate my system, it's all backed up to github. With a single
Bash update.sh
every single .config file backed up, system upgraded, all packages updated.
I just love Nix, it's the perfect OS for me.
Now I just need to learn how to use flakes...
Sidebar: I've never asked before, but maybe someone can help me out. If I install a flake of an application, am I supposed to add it to the existing flake, or can I modulate flakes?
I've noticed when installing the nixvim flake it generates a new flake and it runs when I issue the
nix run ~/.dotfiles/nixvim/flake.nix
command, but I don't want to have to run that command every time. I feel like making a fish abbreviation isn't the correct way of doing this.
So I've only been using nix about a year and only used flakes. I use in two ways.
First, I have my main nix flake. Most everything is controlled from that. It has several outputs from full blown nixos builds per host or some home manager builds for non-nixos systems.
Third-party flakes I use as inputs to my own flake then use the override system to inject them into nixpkgs. Then I just install whatever like normal from nixpkgs. I can either override an existing pkg (neovim nightly replaces regular neovim for me), or you can just add as a new package to nixpkgs by using a different attribute name.
Second way is for projects with their own repo. I'll add a project flake that has a devshell with direnv so as soon as I enter that directory it sets up a sort of virtual environment just for that project. You can add outputs to it so others can use as a third-party flake.
I think I've put fedora on at least 4 personal systems and it has never caused an issue. It's so smooth it's boring in the best way. Switched to it for daily computing about 4 years ago. I use a minipc as a media server with Arch and turning it on it's exciting. Just this fucking morning the default configuration decided that my main audio device was a microphone. Lovely. So flexible.
On the other hand, my server running Arch testing has never had any issues. In fact, the only issue on any of my devices, all Arch testing, was nvidia.
This is a YMMV situation. I had Gentoo running on a minipc for a while and it never had any random issues pop up. Any screw up was fully traceable to configuration and entirely my fault. It was kinda funny. Hope your server stays healthy.
I mean, I'm on Debian and I'm on the same install instance I've had for almost four years now. I'm constantly reading about how some of you people keep hosing your other distros with a normal update...
Real. Though sometimes running a recent version of something is a real challenge, unless it ships in appimage. If it’s a small program you can usually backport the package from unstable or just build it yourself, but if it depends on some rust or js libraries or whathaveyou you have to do so much crap you might as well just be running trixie
I think the age of distros shipping severely broken updated is over. And it was always, ALWAYS grub that broke after an update on mint and opensuse 10 years ago for me.
I'll never stop hating that debian is labeled stable. I'm fully aware that they are using the definition of stable that simply means not updating constantly but the problem is that people conflate that with stability as in unbreaking. Except it's the exact opposite in my experience, I've had apt absolutely obliterate debian systems way too often. Vs pacman on arxh seems to be exceptionally good at avoiding that. Sure the updated package itself could potentially have a bug or cause a problem but I can't think of any instance where the actual process of updating itself is what eviscerated the system like with apt and dpkg.
And even in the event of an update going catastrophically wrong to the point that the system is inoperable I can simply chroot in use a statically built binary pacman and in a oneliner command reinstall ALL native packages in one go which I've never had not fix a borked system from interrupted update or needing a rollback
You are maybe conflating stability with convenience.
"Why is this stable version of my OS unstable when I update and or install new packages...."
The entire OS falling down randomly on every distribution during normal OS background operations was always an issue or worry, and old Debbie Stables was meant to help make linux feel reliable for production server use, and it has done a decent job at it.
I mean when I can take an Arch Linux installation that I forgot about on my server and is now 8 years out of date and simply manually update the key ring and then be up to date without any issue but every time I've ever tried to do many multiple major version jumps on debian it's died horrifically... I would personally call the latter less stable. Or at least less robust lol.
I genuinely think that because Arch Linux is a rolling distribution that it's update process is just somehow more thorough and less likely to explode.
The last one with debian was a buster to bookworm jump. Midway through something went horrifically wrong and dpkg just bailed out. The only problem was that it somehow during all of that removed the entirety of every binary in /bin. Leaving the system completely inoperable and I attempted to Google for a similar solution as arch. Where i could chroot in and fix it with one simple line. But so far as I was able to find there is no such option with apt/dpkg. If I wanted to attempt to recover the system it would have been an entirely manual Endeavor with a lot of pain.
I would also personally label having the tools to recover from catastrophic failure as being an important part of stability especially when people advocate for things like Debian in a server critical environment and actively discourage the use of things like Arch
If the only thing granting at the title of stability is the lack of update frequency that can simply be recreated on Arch Linux by just not updating frequentlyಠ_ಠ
No opinion on Debian but as a heavy ArchLinux user I should point out you shouldn't upgrade without reading the news as occasionally manual intervention is required. Upgrades can and will break things if you're not careful.
I mean when I can take an Arch Linux installation that I forgot about on my server and is now 8 years out of date and simply manually update the key ring and then be up to date
That won't work, old pacman versions can't deal with the fact that packages are now zstandard compressed. In fact, the window were you could successful do the update without a whole bunch of additional work was something like a couple of months. Certainly a whole lot less than a year.
I mean, if you want to use your system pacman sure. But you can just download the latest statically built pacman to do the large jump without issues. However i will concede that is more than JUST keyring update
Edit: another fun way to get around that issue pretty easily. Boot any up to date arch installer, mount the old ass system root to /mnt and just run
pacman -Sy
pacman --sysroot /mnt
Now just normal syu and the live environment pacman will update the old system, arch/pacman has a plethora of easy ways to get around what would otherwise be show stoppers on apt/dpkg :)
While I personally agree with your sentiment, and much prefer arch to debian for my own systems, there is one way where debian can be more stable. When projects release software with bugs I usually have to deal with those on Arch, even if someone else has already submitted the bug reports upstream and they are already being worked on. There are often periods of a couple of weeks where something is broken - usually nothing big enough to be more than a minor annoyance that I can work around. Admittedly, I could just stop doing updates when everything seems to be working, to stay in a more stable state, but debian is a bit more broadly and thoroughly tested. Although the downside is that when upstream bugs do slip through into debian, they tend to stay there longer than they do on arch. That said, most of those bugs wouldn't get fixed as fast upstream if not for rolling distro users testing things and finding bugs before buggy releases get to non-rolling "stable" distros.
I honestly don't see this thorough testing. Not for a lot of apps I use anyway. It's normal tbf even with 2 year you can't thoroughly test every package for every bug, so you're stuck with very old bugs a lot more often than people think. And on top of that some packages are so old that instructions you find on their git pages or wherever are too new and don't work.
Straight to bookworm. Sounds like that's not supported but that just further shows why i don't find it to be a functionally stable, or perhaps reliable is a better wording, system. But that's also just my opinion
FWIW I've got a Debian server that hosts most of my sites and primary DNS server, that's been running since Etch (4.0, 2007ish). I've upgraded it over the years, switched from a dedicated server to OpenVZ to KVM, and it's still running today on Bookworm. No major issues with upgrades.
It's definitely not something that will happen 100%. I've also had long standing debian systems that seem to not care. However I've had plenty that, for whatever reason couldn't handle multiple major version hops and just eviscerated themselves, I've not had that with arch personally. You may need to download the latest statically built pacman depending on how old it is but that and a keyring update usually has you covered
However I've had plenty that, for whatever reason couldn't handle multiple major version hops
Debian only supports upgrading one major version at a time. If you're upgrading from Debian 10 to 12, you need to first do 10 to 11, then 11 to 12. Upgrading multiple versions at a time is completely untested and unsupported.
They really should have used the word "static" instead of stable. Stable definitely has connotations of functional stability, and unstable of functional instability.
depends on workload. Debian has very old packages and can be insecure but it is a set it and forget it type of thing, it is good when uptime is critical for a server. For desktops, or servers that need better security, but can tolerate a little downtime, rolling releases are good too, if you are enough to update frequently, and you should, since updates usually contain a lot of patched vulrenabilities
Good point! But I recently swapped to Debian 12 from Fedora 41. The latter needing constant updates several times a day. And despite this, it was not stable at all.
Fedora is good on laptops since it has the very newest kernel and thus includes all the latest driver fixes (which are needed for laptops like the Framework where they're actively improving things). On the other hand, it has the very newest kernel and thus includes all the latest bugs.
Can i get some context please? My fedora install wasn't using TPM, i had to manually configure it; i haven't noticed any difference in boot speed with or without TPM encryption
I want to have data-at-rest encryption, so that the only password i need to insert is my user one, this allows me to not have to type passwords multiple times. If i had the regular encryption password i would have to enable autologin in SDDM, which would do away with the encryption on kdewallet and all my credentials.
Plus i also enable secureboot, and use fedora kinoite, so that i is hard to tamper with my boot stuff without my TPM wiping itself off my encryption password, this gives me a very Bitlocker-like setup, but without the shittiness of having my encryption keys linked to microsoft's terrible encryption system and user accounts, i can actually control my stuff like this. For a laptop, i must say data-at-rest encryption is a must!
This setup gives me multiple security layers; took my laptop off me -> booted my laptop, faced with user password -> tried to boot another OS, TPM wiped itself, no more encryption key -> computer now asks for encryption password, has to find a way around LVM2 encryption -> LVM2 encryption (somehow) defeated they must now crack my user password, or have to (try) to decrypt my credentials on the file system itself; after all these convoluted and extremely hard steps i think we can agree this person really deserves to have access to my cool wallpapers
Yeah, i know; EUFI computers really suck, turning away the script kiddies and most people that would steal this computer from my data is is the most i can with this thing
I've been using Arch since 2014. If I could be arsed, I could write you a looooooooong list of regressions I've had to deal with over the years. For an experienced Linux user, they're usually fairly easy to deal with, but saying you never have to deal with anything is just a lie.
My experience with Arch is basically: it's all very predictable until it isn't and you suddenly find yourself troubleshooting something random like unexplainable bluetooth disconnects caused by a firmware or kernel update.
What you've said is true, though it's a bit of a trade-off -- over the years I've wasted so many hours with those "user friendly" distros because I need a newer version of a dependency, or I need to install something that isn't in the repos. Worst case I have to figure out how to compile it myself.
It's very rare to find something that isn't in the Arch official repos or the AUR. Personally I've found that being on the bleeding edge tends to save me time in the long run, as there's almost no barriers to getting the packages that I need.
What you’ve said is true, though it’s a bit of a trade-off
Yes, and that's why after more than 10 years I still use Arch. I like having the latest version of things and I'm confident enough in my abilities that I know that if something breaks I can always either find a fix, or at least identify the offending package, hold it back, report the bug and wait for the issue to be resolved.
There are times where it can be trying though. The first plasma 6 releases for example were rough. More recently, I've also been having issues with 6.11 and 6.12 kernels and my ax200 wifi that I only recently found a fix to. My wifi would freeze whenever I started streaming video from the PC to my TV, but only in kernels after 6.11. Turning off TCP segmentation offloading with ethtool resolved it (ethtool -K wlan0 tso off). You don't want to know how long I had been pulling my hair out at that issue until I found the fix.
That's such a cop-out answer and totally missing the point. I've run Arch on 4 different systems, and yes I had different issues on each and sometimes issues that hit across the board.
At the end of the day, whether or not this was just my personal experience doesn't matter. What matters is that the issues were always caused by what Arch is: a unstable rolling release distro that pushes out the latest version of upstream packages, bugs and all. Sooner or later some will hit you, telling yourself and other people otherwise is deluding yourself and those people.
Here's the thing: your answer is both invalidating and ignorant, and it shows a lack of understanding of what differentiates Arch from a stable distro.
My wifi, that had been working fine since I installed this computer in 2020, broke in kernel 6.11 and 6.12 because Arch pushed those updates.
Early plasma 6.0 releases were rough as balls for months, because Arch pushed those updates.
My bluetooth, that had been working since I installed this computer in 2020, started to randomly disconnect sometime last year due to buggy firmware updates because Arch pushed those updates.
Hell even plain old intel ethernet on my old system from 2014 suddenly started hanging up under load a year or two ago (never found the cause, did find a workaround).
None of these issues were a fault of my own, all I did was pacman -Syu, and none of this would happen on a stable distro. I'm not saying Arch is shit because of this, I'm saying: beware of what you are getting into when you choose Arch: for every single package on your system, you are effectively at the mercy of whatever "upstream" decides to shit out that week. Being delusional about that fact and having guys come crawling out of the woodworks everytime this is mentioned, saying platitudes like: "I nEvEr HaD aN iSsUe" doesn't help anyone.
i started learning about linux 4 months ago. Installed Arch with archinstall pretty easily to a VM, it booted up no problem. But you have to manually install the desktop, if you want a gui (who doesn't lol). But there are many desktops for Arch, the most common ones have pretty good documentation. But if i were you, i'd experiment with some more niche desktop emviroments
You did, probably just didn't see it ;)
It's been part of it for years, since around 2020 according to GitHub.
But to be fair, calling the option "Profile" might not be very intuitive for some people, so it's easy to miss.
I haved used many distros and DEs. my favorites are keyboard driven like i3 and such. For now i use fedora because i needed something to work out of the box. I would like to stay in the terminal.
Weird. I promptly tried Fedora and switched to Tumbleweed after Fedora kept crashing soon after startup. Hardware configuration probably affects the outcome a lot.
The only fair comparison of Linux distros is always on devices of Linux vendors as they both pick the right hardware as well as merge Kernel patches if necessary.
I do however concur that OpenSuse offers basically everything. Except for intuitive system settings - but at least they're all there, you never really have to use the CLI. Other than with others who will eventually lack something. Also the bootable btrfs snapshots by default are a dream for common users.
I think random freezing is one of the symptoms of installing it with Ventoy. Ventoy mucks up one of the installer flags or something like that, so even the wiki indicates it's not supported. (Neither is installing it from the Live tester, if I'm not mistaken.)
Correct! Ventoy adds boot parameters on its own, screwing up some fundamental settings (sth. that can happen on any distro that isn't making the user configure everything by hand). It's also a questionable piece of software on its own given the binary blob it adds to every stick… do not use it.
Fedora is security? I mean, don't get me wrong, I love it, it's my daily driver after trying just about every distro under the sun, but I would've figured something like Qubes would stand head and shoulders above it.
Fedora has firewalld by default but in the desktop version all ports are open by default. Pretty sure the server version only has ssh and cockpit exposed by default
I haven't looked around that much in years beyond NixOS, what else has MAC by default these days? I remember a lot of the Debian based ones having some things constrained by AppArmor, but I personally prefer SELinux and it wasn't everything.
I don't know if it ships with a firewall, but that's definitely easier than an ad hoc SELinux setup. I always just transfer my iptables (nftables now) rules over.
Yea, but there are also some things AppArmor just can't do. Although in my experience most aren't as big of a deal. Things like saying "only processes of this type can bind to port X" for example and much more fine grained control of file or directory actions. Does AppArmor provide kernel module controls?
I mean, image based (immutable) distros are quite a bit more secure than regular ones, and Fedora Atomic (Silverblue, Bazzite, etc.) is pretty much the only great choice when it comes to those kind of operating systems.
No no, of course they all do. Fedora just comes with SELinux out of the box, probably still a consequence of it once being downstream of Red Hat Enterprise Linux, before IBM came.
there are many distros with even better or similiar security as fedora. The least secure ones are Ubuntu and distros based on it, and Debian stable. Even less secure are any inactive distro. But in general, most distros can be hardened, some more, some less. Like i can harden my Android phone similiar to Arch's level. (yes, i also use custom kernel on my phone, the most secure one for my device)
Debian? Insecure? It's only as insecure as you make it. The default minimal installation from the netinstall CD has barely anything running - not even SSH unless you explicitly select it during installation.
I think it means that OpenSUSE is "all of the above"—stability, flexibility, security—because those are qualities frequently attributed to German things/products.
It isn't really a joke in the sense of it making fun of Germany or anything like that.
SUSE was a German company a century ago, then it changed hands more than a soap bar in a public restroom and now I have no idea if it’s even a terrestrial company anymore
Check the comment from superkret, basically overengineered, redundant and not very intuitive.
I work in german SW development, so I understand. I would put it like this, german backends are among the best you can find but german frontends are usually complicated and not intuitive...
The main problem is the way YaST2 is (not) integrated with the modern KDE and Gnome settings. Gnome 40 then screwed things up even more for them as every item is now part of the overview, there ain't the classical menu anymore.
If you know where to find things it's great, but right now it indeed feels quite messy with lots of settings hard to find and split in lots of submenus.
More accurate i would describe Fedora is:
Adopting Modern features first(Wayland,pipewire,etc Like there is no x mode in most stable Wayland desktops) and only having free and open source Repos(Rpmfusion can be added but its not official and excludes the Kernel drivers).
I think, a more serious attempt to summarize openSUSE would probably be: Functionality
Debian, Arch, Fedora and such are all weirdly similar in that they focus so much on minimalism. For example, Debian uses dash as the default shell, which breaks TTYs, but possibly squeezes out a tiny bit of performance, so I guess, that's worth it...?
Debian only uses dash for the system shell, and it does improve performance a bit given how many shell scripts run on a typical Linux system. Interactive shell is still set to Bash by default.
Sure, it's still just certainly a choice. It took me multiple years to realize why it's so broken on TTYs, as well as when you run newgrp and probably other places.
I thought Linux just sometimes goes into this buggy state, where you can't make any typos. At one point, I broke my GUI session and had to fix it, typing commands off of my phone screen, without making any typos.
Learning that this is Working As Intended™ just killed me...
These days, I know that you can just run bash (or your shell of choice) to get out of this buggy state, and I still set bash as the system shell when I have to use a Debian-based system, because I just do not care about however much performance it brings in.
i used Tumbleweed with KDE. It is something i can recommend. Not that customizable, but it has tons of features and very stable for a rolling distro. It only breaks if you try to customize stuff too much
Mint: come for the ease of installation and use, stay because it’s just Ubuntu and Debian under the hood so it has tons of support, and the terminal is right there if you need to out so some real shit.
I think mine doesn’t roll off the tongue in quite the same way.
You're confusing security with privacy. While distros you mentioned are great for preventing ISPs and governments from spying on you (privacy), they're not really any better at preventing hackers from exploiting your vulnerable web server than fedora (security).
no, Qubes, Bazzite, Garuda were made with security in mind. Containerization, selinux enforcing, hash checks, address space layout randomization is also built in. These are all more secure than Fedora. Qubes for example, uses vm containers to completly isolate every app, so the system is almost impossible to compromise by malware or hacking. Bazzite uses immutable root file system, much like stock android. it may not along well with unix philosophies, but there isn't really a way for a malicious code to run with elevated privilages or to manipulate system files. Garuda automatically creates snapshota from the system, so if it is compromised, it can be rolled back quickly. Snapshots for external devices or cloud are supported as well. It uses zram compression on swap, this helps avoid data leakages to the disk, so makes sure that after a reboot, every session quits, since data from ram can't leak on the disk. it also uses firejail and chaotic aur sandboxing. There is a smaller support for secure boot too. So these are all highly secure operating systems. And to some degree, privacy and security overlap each other.
Tails in itself is reasonably secure too, but it was mostly designed for use with public computers and forensics, and ofc to conceal network activity that might seem suspicious. And it is a good solution if you need a portable linux, and your android phone is not a good choice for your use case.
I'm not really expert in this topic, but as far as I know tails is amnesiac os that forgets everything on reboots for example. Both whonix and tails also routes your traffic through TOR which helps hiding your identity.
Concerning other mentioned distros and also security wise, this comment explains it lot better than I would: https://lemmy.zip/comment/15305364
Are *buntu flavors risky for my workstation? Should I be considering Fedora?
Why would they be risky? O.o They're the preferred workstation setup at my place because Ubuntu is spread enough that it can be relied upon to be the distro admins have the most experience with (which is a self-perpetuating thing, I am aware).
If you're cannot parse the configuration file, you don't update. It is perfectly, 100% stable, about 60% of the time (when I change my config file without an error).
nixOS appeals to niche audiences who like to brag about it. I think it is not a good idea to base everything on config files, since there is a lot of room for user error
You've literally described Linux. Wasn't even a week ago we had a circle jerk on here about how great it is that everything on Linux is an ascii file (technically inaccurate on most distros) rather than a nasty nasty database where the most you can fuck up at a time is a single entry vs breaking the schema of an entire file.
When you run OpenSUSE, you can feel it was made by Germans.
The installer is a beautiful example of German engineering.
The package manager is a perfect example of German over-engineering.
If you run it with KDE, you have 2 redundant GUI admin tools for every config in the system, and 4 for setting up printers.
Yeah that sounds like a typical BMW engine layout.
It's amazing how OpenSUSE got my laptop's valve covers to leak oil.
As the owner of many old German cars this is funny but only because it means no one read the technical manual that came with the car
As the former owner of an E36 and then an E90 I can tell you that the more modern ones still piss oil just as badly. And the consequences can be much worse (read: expensive) to boot.
Hey the BMW engine that had 2 redundant everything was pretty awesome because half the engine could die and it'd keep going as an inline 6. It was 2 of everything. ECU, Distributor, even fuel pumps and rails
Except they seemingly come without the right blinker, but BMW drivers only ever need the left one anyways, and it might as well be stuck in "on".
I can hear this gif. I guess it’s time to have my colonoscopy.
Thank you for the nostalgia
Die Kommentarspalte dieser Pfostierung befindet sich ab sofort im Besitz der Bundesrepublik Deutschland meine Kameraden!
Ahoi, Genosse! Wie läuft die Germanisierung? Verbreiten Sie erfolgreich das Wort von Linux in Ihrem Heimatland?
(Übersetzung von DeepL)
Anti Commercial-AI license
Ohhh ich spreche auch Wurst. Wie geht es ihnen mein Herr, toetet den fuehrer und benutzt Linux statt Fenster.
Wir sprechen Kraut, bitte sehr.
Ich bevorzuge:
𝕯𝖎𝖊𝖘𝖊 𝕶𝖔𝖒𝖒𝖊𝖓𝖙𝖆𝖗𝖘𝖊𝖐𝖙𝖎𝖔𝖓 𝖎𝖘𝖙 𝖓𝖚𝖓 𝕰𝖎𝖌𝖊𝖓𝖙𝖚𝖒 𝖉𝖊𝖗 𝕭𝖚𝖓𝖉𝖊𝖘𝖗𝖊𝖕𝖚𝖇𝖑𝖎𝖐 𝕯𝖊𝖚𝖙𝖘𝖈𝖍𝖑𝖆𝖓𝖉
Falsches s, 7/10
Nein, das ist nicht gut!
Terminal, Terminal, Terminal, German Terminal
Console, Console, Console, Konsole
Konsole must be a KDE app, but since KDE is a German project...
Hmm... k.de
Helau! Ach warte...
Isn't it kool?
oh no, now I will always read K-app names in a german voice. Specifically this guys voice https://youtu.be/WpiYnupud34
do you use lynx for web browsing?
Who doesn’t?
I mean version 2.9.2 just came out in May.
i tried living in the terminal but i had no one to talk to
We’re in your terminal: https://github.com/LunaticHacker/lemmy-terminal-viewer
sadly based on the latest issues submitted and my experience, the app no longer works: https://github.com/LunaticHacker/lemmy-terminal-viewer/issues/11
😍
If you have a decent GPU or CPU, you can just set up ollama with ollama-cuda/ollama-rocm and run llama3.1 or llama3.1-uncensored.
I have a ryzen 5 laptop. not really decent enough for that workload. and im not crazy about AI.
I bet even my Pi Zero W could run such a model*
* with 1 character per hour or so
*Links 🇩🇪
??
Links means Left in german. Same pronunciation. Bilingual play on words if you will.
oh lol. what is right in german?
Rechts
Germinal?
Nixos: everything everywhere all at once
Good for you there wasn't an "ease of use" or "intuitive" field.
nixOS is for people who love config files
NixOS is for people who have accidentally uninstalled 90% of their system because they didn’t pay attention to what other packages depend on the thing they were uninstalling and were desperately looking for a an undo button.
I'm still a Linux noob all things considered, and I've been using NixOS for six months or more.
It is HARD, but I see the true value of it. I will never need to reinstall Linux because I broke it, that's simply impossible.
If I ever need to migrate my system, it's all backed up to github. With a single
every single .config file backed up, system upgraded, all packages updated.
I just love Nix, it's the perfect OS for me.
Now I just need to learn how to use flakes...
Sidebar: I've never asked before, but maybe someone can help me out. If I install a flake of an application, am I supposed to add it to the existing flake, or can I modulate flakes?
I've noticed when installing the nixvim flake it generates a new flake and it runs when I issue the
command, but I don't want to have to run that command every time. I feel like making a fish abbreviation isn't the correct way of doing this.
So I've only been using nix about a year and only used flakes. I use in two ways.
First, I have my main nix flake. Most everything is controlled from that. It has several outputs from full blown nixos builds per host or some home manager builds for non-nixos systems.
Third-party flakes I use as inputs to my own flake then use the override system to inject them into nixpkgs. Then I just install whatever like normal from nixpkgs. I can either override an existing pkg (neovim nightly replaces regular neovim for me), or you can just add as a new package to nixpkgs by using a different attribute name.
Second way is for projects with their own repo. I'll add a project flake that has a devshell with direnv so as soon as I enter that directory it sets up a sort of virtual environment just for that project. You can add outputs to it so others can use as a third-party flake.
My main starting point was https://github.com/Misterio77/nix-config for this design.
Me a guy who has been using linux for 5 years: are you challenging me? (I’ve broken NixOS twice at this point)
NixOS is from Max Verstappen country not Sebastian Vettel country
you don't even need to know where, you don't even need to know when. that's how every it gets
ITT - "I DISAGREE WITH THE FACTUAL ACCURACY OF THE SETUP AND/OR PUNCHLINE OF YOUR JOKE."
What else do you expect from germans? Ich bin stolz auf euch, jungs.
I think I've put fedora on at least 4 personal systems and it has never caused an issue. It's so smooth it's boring in the best way. Switched to it for daily computing about 4 years ago. I use a minipc as a media server with Arch and turning it on it's exciting. Just this fucking morning the default configuration decided that my main audio device was a microphone. Lovely. So flexible.
I eventually landed on Fedora too. Its level of "it just works" is amazing.
Right!? Almost everything I need is one dnf command away with minimal setup on my part.
On the other hand, my server running Arch testing has never had any issues. In fact, the only issue on any of my devices, all Arch testing, was nvidia.
This is a YMMV situation. I had Gentoo running on a minipc for a while and it never had any random issues pop up. Any screw up was fully traceable to configuration and entirely my fault. It was kinda funny. Hope your server stays healthy.
I mean, I'm on Debian and I'm on the same install instance I've had for almost four years now. I'm constantly reading about how some of you people keep hosing your other distros with a normal update...
Four years? Some rookie numbers you got there.
Maybe they mean four year uptime...
Some of us were riding Windows 7 into the ground, specifically when Steam stopped supporting it.
Real. Though sometimes running a recent version of something is a real challenge, unless it ships in appimage. If it’s a small program you can usually backport the package from unstable or just build it yourself, but if it depends on some rust or js libraries or whathaveyou you have to do so much crap you might as well just be running trixie
Couldn't Distrobox get you through that?
Sure, but honestly I hate the idea of having different runtimes. That’s the reason why I like neither snaps nor flatpaks.
Lol, I ran 5 years on arch without a break.
Now 6 months of Bazzite without a break.
I think the age of distros shipping severely broken updated is over. And it was always, ALWAYS grub that broke after an update on mint and opensuse 10 years ago for me.
I'm hitting 4 on a rolling release
I'll never stop hating that debian is labeled stable. I'm fully aware that they are using the definition of stable that simply means not updating constantly but the problem is that people conflate that with stability as in unbreaking. Except it's the exact opposite in my experience, I've had apt absolutely obliterate debian systems way too often. Vs pacman on arxh seems to be exceptionally good at avoiding that. Sure the updated package itself could potentially have a bug or cause a problem but I can't think of any instance where the actual process of updating itself is what eviscerated the system like with apt and dpkg.
And even in the event of an update going catastrophically wrong to the point that the system is inoperable I can simply chroot in use a statically built binary pacman and in a oneliner command reinstall ALL native packages in one go which I've never had not fix a borked system from interrupted update or needing a rollback
You are maybe conflating stability with convenience.
"Why is this stable version of my OS unstable when I update and or install new packages...."
The entire OS falling down randomly on every distribution during normal OS background operations was always an issue or worry, and old Debbie Stables was meant to help make linux feel reliable for production server use, and it has done a decent job at it.
I mean when I can take an Arch Linux installation that I forgot about on my server and is now 8 years out of date and simply manually update the key ring and then be up to date without any issue but every time I've ever tried to do many multiple major version jumps on debian it's died horrifically... I would personally call the latter less stable. Or at least less robust lol.
I genuinely think that because Arch Linux is a rolling distribution that it's update process is just somehow more thorough and less likely to explode.
The last one with debian was a buster to bookworm jump. Midway through something went horrifically wrong and dpkg just bailed out. The only problem was that it somehow during all of that removed the entirety of every binary in /bin. Leaving the system completely inoperable and I attempted to Google for a similar solution as arch. Where i could chroot in and fix it with one simple line. But so far as I was able to find there is no such option with apt/dpkg. If I wanted to attempt to recover the system it would have been an entirely manual Endeavor with a lot of pain.
I would also personally label having the tools to recover from catastrophic failure as being an important part of stability especially when people advocate for things like Debian in a server critical environment and actively discourage the use of things like Arch
If the only thing granting at the title of stability is the lack of update frequency that can simply be recreated on Arch Linux by just not updating frequentlyಠ_ಠ
No opinion on Debian but as a heavy ArchLinux user I should point out you shouldn't upgrade without reading the news as occasionally manual intervention is required. Upgrades can and will break things if you're not careful.
https://archlinux.org/news/openblas-0323-2-update-requires-manual-intervention/
https://archlinux.org/news/ansible-core-2153-1-update-may-require-manual-intervention/
https://archlinux.org/news/incoming-changes-in-jdk-jre-21-packages-may-require-manual-intervention/
That won't work, old pacman versions can't deal with the fact that packages are now zstandard compressed. In fact, the window were you could successful do the update without a whole bunch of additional work was something like a couple of months. Certainly a whole lot less than a year.
I mean, if you want to use your system pacman sure. But you can just download the latest statically built pacman to do the large jump without issues. However i will concede that is more than JUST keyring update
Edit: another fun way to get around that issue pretty easily. Boot any up to date arch installer, mount the old ass system root to /mnt and just run
pacman -Sy
pacman --sysroot /mnt
Now just normal syu and the live environment pacman will update the old system, arch/pacman has a plethora of easy ways to get around what would otherwise be show stoppers on apt/dpkg :)
While I personally agree with your sentiment, and much prefer arch to debian for my own systems, there is one way where debian can be more stable. When projects release software with bugs I usually have to deal with those on Arch, even if someone else has already submitted the bug reports upstream and they are already being worked on. There are often periods of a couple of weeks where something is broken - usually nothing big enough to be more than a minor annoyance that I can work around. Admittedly, I could just stop doing updates when everything seems to be working, to stay in a more stable state, but debian is a bit more broadly and thoroughly tested. Although the downside is that when upstream bugs do slip through into debian, they tend to stay there longer than they do on arch. That said, most of those bugs wouldn't get fixed as fast upstream if not for rolling distro users testing things and finding bugs before buggy releases get to non-rolling "stable" distros.
I honestly don't see this thorough testing. Not for a lot of apps I use anyway. It's normal tbf even with 2 year you can't thoroughly test every package for every bug, so you're stuck with very old bugs a lot more often than people think. And on top of that some packages are so old that instructions you find on their git pages or wherever are too new and don't work.
It's funny that your phone auto corrected or you typed a capital E out of habit. I imagine you talk about Endeavor OS a lot lol.
Was using voice to text, it auto capitalizes words at absolute random. However yes i do use EndeavorOS so it comes up from time to time :p
Did you go buster -> bullseye -> bookworm or just straight to bookworm? It sounds like something got screwed up with the usr merge.
Straight to bookworm. Sounds like that's not supported but that just further shows why i don't find it to be a functionally stable, or perhaps reliable is a better wording, system. But that's also just my opinion
FWIW I've got a Debian server that hosts most of my sites and primary DNS server, that's been running since Etch (4.0, 2007ish). I've upgraded it over the years, switched from a dedicated server to OpenVZ to KVM, and it's still running today on Bookworm. No major issues with upgrades.
It's definitely not something that will happen 100%. I've also had long standing debian systems that seem to not care. However I've had plenty that, for whatever reason couldn't handle multiple major version hops and just eviscerated themselves, I've not had that with arch personally. You may need to download the latest statically built pacman depending on how old it is but that and a keyring update usually has you covered
Debian only supports upgrading one major version at a time. If you're upgrading from Debian 10 to 12, you need to first do 10 to 11, then 11 to 12. Upgrading multiple versions at a time is completely untested and unsupported.
They really should have used the word "static" instead of stable. Stable definitely has connotations of functional stability, and unstable of functional instability.
depends on workload. Debian has very old packages and can be insecure but it is a set it and forget it type of thing, it is good when uptime is critical for a server. For desktops, or servers that need better security, but can tolerate a little downtime, rolling releases are good too, if you are enough to update frequently, and you should, since updates usually contain a lot of patched vulrenabilities
Average Grandaddy Stable distro hater
To me the issue is the people calling a system stable because it is reliable, even if it updates unpredictably to changing functionality.
Good point! But I recently swapped to Debian 12 from Fedora 41. The latter needing constant updates several times a day. And despite this, it was not stable at all.
Fedora is good on laptops since it has the very newest kernel and thus includes all the latest driver fixes (which are needed for laptops like the Framework where they're actively improving things). On the other hand, it has the very newest kernel and thus includes all the latest bugs.
... and the latest security patches
Debian also has the latest security patches
The four fundamental Ys
Fedora 41 is now the 'wait 45 seconds every boot because you don't have a tpm chip' version.
Can i get some context please? My fedora install wasn't using TPM, i had to manually configure it; i haven't noticed any difference in boot speed with or without TPM encryption
Why wouldn't you just use a password?
I want to have data-at-rest encryption, so that the only password i need to insert is my user one, this allows me to not have to type passwords multiple times. If i had the regular encryption password i would have to enable autologin in SDDM, which would do away with the encryption on kdewallet and all my credentials.
Plus i also enable secureboot, and use fedora kinoite, so that i is hard to tamper with my boot stuff without my TPM wiping itself off my encryption password, this gives me a very Bitlocker-like setup, but without the shittiness of having my encryption keys linked to microsoft's terrible encryption system and user accounts, i can actually control my stuff like this. For a laptop, i must say data-at-rest encryption is a must!
This setup gives me multiple security layers; took my laptop off me -> booted my laptop, faced with user password -> tried to boot another OS, TPM wiped itself, no more encryption key -> computer now asks for encryption password, has to find a way around LVM2 encryption -> LVM2 encryption (somehow) defeated they must now crack my user password, or have to (try) to decrypt my credentials on the file system itself; after all these convoluted and extremely hard steps i think we can agree this person really deserves to have access to my cool wallpapers
Secure boot and TPM aren't known for there robust security. In fact, I'd wager that your machine is probably vulnerable.
https://www.bleepingcomputer.com/news/security/bootkitty-uefi-malware-exploits-logofail-to-infect-linux-systems/
Or for that matter, it is possible that your secure boot keys have been leaked or that your TPM is vulnerable to sniffing.
Yeah, i know; EUFI computers really suck, turning away the script kiddies and most people that would steal this computer from my data is is the most i can with this thing
Probably only affects a small number of AMD machines.
so if it probably affects only a small number of specific hw platforms, you cannot state fedora as "now wait 40 seconds" distro.
i'm also not using the tpm chip, no issues.
What's wrong with your Fedora installation? Mine doesn't do that (also without a TPM chip)
Seems to be specific to some AMD models. I'm running it on a ~ten year old Asus. Timeout waiting for tpm as seen in someone else's post at https://discussion.fedoraproject.org/t/much-longer-boot-time-after-updating-to-fedora-41/132603/15
Problem only occurred after upgrading from 40 to 41 - can be seen by pressing Esc while it's booting.
Fedora shouldn't be touching the TPM at all
that's annoying. my laptop has TPM and i also encrypted the disk
Flexibility translates to unpredictable.
Just expect it to break, then it will behave as expected taps head
I've been using Arch since 2014. If I could be arsed, I could write you a looooooooong list of regressions I've had to deal with over the years. For an experienced Linux user, they're usually fairly easy to deal with, but saying you never have to deal with anything is just a lie.
My experience with Arch is basically: it's all very predictable until it isn't and you suddenly find yourself troubleshooting something random like unexplainable bluetooth disconnects caused by a firmware or kernel update.
What you've said is true, though it's a bit of a trade-off -- over the years I've wasted so many hours with those "user friendly" distros because I need a newer version of a dependency, or I need to install something that isn't in the repos. Worst case I have to figure out how to compile it myself.
It's very rare to find something that isn't in the Arch official repos or the AUR. Personally I've found that being on the bleeding edge tends to save me time in the long run, as there's almost no barriers to getting the packages that I need.
Yes, and that's why after more than 10 years I still use Arch. I like having the latest version of things and I'm confident enough in my abilities that I know that if something breaks I can always either find a fix, or at least identify the offending package, hold it back, report the bug and wait for the issue to be resolved.
There are times where it can be trying though. The first plasma 6 releases for example were rough. More recently, I've also been having issues with 6.11 and 6.12 kernels and my ax200 wifi that I only recently found a fix to. My wifi would freeze whenever I started streaming video from the PC to my TV, but only in kernels after 6.11. Turning off TCP segmentation offloading with ethtool resolved it (
ethtool -K wlan0 tso off). You don't want to know how long I had been pulling my hair out at that issue until I found the fix.That's such a cop-out answer and totally missing the point. I've run Arch on 4 different systems, and yes I had different issues on each and sometimes issues that hit across the board.
At the end of the day, whether or not this was just my personal experience doesn't matter. What matters is that the issues were always caused by what Arch is: a unstable rolling release distro that pushes out the latest version of upstream packages, bugs and all. Sooner or later some will hit you, telling yourself and other people otherwise is deluding yourself and those people.
Here's the thing: your answer is both invalidating and ignorant, and it shows a lack of understanding of what differentiates Arch from a stable distro.
None of these issues were a fault of my own, all I did was
pacman -Syu, and none of this would happen on a stable distro. I'm not saying Arch is shit because of this, I'm saying: beware of what you are getting into when you choose Arch: for every single package on your system, you are effectively at the mercy of whatever "upstream" decides to shit out that week. Being delusional about that fact and having guys come crawling out of the woodworks everytime this is mentioned, saying platitudes like: "I nEvEr HaD aN iSsUe" doesn't help anyone.Do you use your computer for things that rely on specific library versions and functionality?
imagine if you update it after 2 weeks. Arch is okay, if you keep backups. otherwise, you are basically playing a russian roulette
What? I love Arch, it's so god damn stable and fast.
Once i get another machine to dick around on ill try installing arch.
Just use kvm/qemu and install it. When I want to play with detailed setups I install slackware and start configuring/compiling.
yeah i could do that. When i installed it i had a problem booting logging in, it wouldn't goto the DE.
i started learning about linux 4 months ago. Installed Arch with archinstall pretty easily to a VM, it booted up no problem. But you have to manually install the desktop, if you want a gui (who doesn't lol). But there are many desktops for Arch, the most common ones have pretty good documentation. But if i were you, i'd experiment with some more niche desktop emviroments
No need to manually install desktop environments, archinstall also does that (Profile --> Desktop).
i didn't have that option in Archinstall
You did, probably just didn't see it ;) It's been part of it for years, since around 2020 according to GitHub. But to be fair, calling the option "Profile" might not be very intuitive for some people, so it's easy to miss.
i checked every option. maybe it was an old version or a modified one
I haved used many distros and DEs. my favorites are keyboard driven like i3 and such. For now i use fedora because i needed something to work out of the box. I would like to stay in the terminal.
i tried lxqt and gnome. those were disappointments. And i used kde and cinnamon too, those are good
Nice i like lxqt but dont use it currently
absolutely not. look at nixos.
OpenSUSE is the "all of the above" of Linux distros
It is? I had tumbleweed installed and switched to fedora after only a few weeks because it kept freezing.
Weird. I promptly tried Fedora and switched to Tumbleweed after Fedora kept crashing soon after startup. Hardware configuration probably affects the outcome a lot.
The only fair comparison of Linux distros is always on devices of Linux vendors as they both pick the right hardware as well as merge Kernel patches if necessary.
I do however concur that OpenSuse offers basically everything. Except for intuitive system settings - but at least they're all there, you never really have to use the CLI. Other than with others who will eventually lack something. Also the bootable btrfs snapshots by default are a dream for common users.
oh my girlfriend's laptop also just keeps freezing with opensuse. do you have an nvidia card by any chance?
I think random freezing is one of the symptoms of installing it with Ventoy. Ventoy mucks up one of the installer flags or something like that, so even the wiki indicates it's not supported. (Neither is installing it from the Live tester, if I'm not mistaken.)
Correct! Ventoy adds boot parameters on its own, screwing up some fundamental settings (sth. that can happen on any distro that isn't making the user configure everything by hand). It's also a questionable piece of software on its own given the binary blob it adds to every stick… do not use it.
oh well, i guess it must be a different problem on my gf's laptop since we used dd to put the iso in a pen drive
That's what I expect when it gets labelled as Germany
Somehow, I feel called out.
Fedora is security? I mean, don't get me wrong, I love it, it's my daily driver after trying just about every distro under the sun, but I would've figured something like Qubes would stand head and shoulders above it.
i would say fedora is the "security distro for every day people" kind of distro
One of the few with SELinux by default
Outside of everything else that has MAC enabled by default. It doesn't even ship with a Firewall.
Fedora has firewalld by default but in the desktop version all ports are open by default. Pretty sure the server version only has ssh and cockpit exposed by default
( ͝סּ ͜ʖ͡סּ)
I haven't looked around that much in years beyond NixOS, what else has MAC by default these days? I remember a lot of the Debian based ones having some things constrained by AppArmor, but I personally prefer SELinux and it wasn't everything.
I don't know if it ships with a firewall, but that's definitely easier than an ad hoc SELinux setup. I always just transfer my iptables (nftables now) rules over.
Qubes is specialised, whereas Fedora is a general purpose distro with a security focus.
Fedora doesn't have any more of a security focus than anything else in the industry
It has SELinux, what does ubuntu (for example) has?
Apparmor
AppArmor is great but it isn't nearly as powerful as SELinux. Way more user friendly though.
It can be but it takes a lot more effort.
SELinux: high bar to entry but extremely power right away
Apparmor: lower bar to entry but much harder to get advanced functionality and control
Yea, but there are also some things AppArmor just can't do. Although in my experience most aren't as big of a deal. Things like saying "only processes of this type can bind to port X" for example and much more fine grained control of file or directory actions. Does AppArmor provide kernel module controls?
They both have really bad documentation though :(
As a Fedora user, I thought Debian would be more secure.
Maybe Fedora Atomic?
I mean, image based (immutable) distros are quite a bit more secure than regular ones, and Fedora Atomic (Silverblue, Bazzite, etc.) is pretty much the only great choice when it comes to those kind of operating systems.
Qubes is the actuall security distro tho.
How slow is qubes? I imagine that virtualising everything is slow. Does it have a containerised mode?
Anti Commercial-AI license
As slow as you expect, at least on anything that requires gpu such as watching videos
For heigh gpu tasks u can passthrough the gpu itself. So inference gaming etc it has same capability as any other os.
It's decent as long as you have adequate numbers of cpu cores and memory for the apps/VMs you run
I'm sorry....but what? It containerizes everything!?
No, virtualize.
It really isnt that slow virtualization overhead is pretty minimal nowdays.
Qubes is specialised, though. The four distros above are general purpose with a focus.
That seems pretty arbitrary
¯\_(ツ)_/¯
Don't forget SUSE's focus on SAP... Which is also Germany I guess
Its Germany's version of oracle. A strategic reserve of evil.
From my experience of Fedora: would you like to update today? Debian: You're good bro, no updates today.
Debian: You're good bro, no updates today.
I would hope the Fedora isn't the only one that cares about security
No no, of course they all do. Fedora just comes with SELinux out of the box, probably still a consequence of it once being downstream of Red Hat Enterprise Linux, before IBM came.
there are many distros with even better or similiar security as fedora. The least secure ones are Ubuntu and distros based on it, and Debian stable. Even less secure are any inactive distro. But in general, most distros can be hardened, some more, some less. Like i can harden my Android phone similiar to Arch's level. (yes, i also use custom kernel on my phone, the most secure one for my device)
Debian? Insecure? It's only as insecure as you make it. The default minimal installation from the netinstall CD has barely anything running - not even SSH unless you explicitly select it during installation.
Why do you think ubuntu and debian derivatives are unsecure?
they are the most widely used, hackers and malware developers target these distros first
It's because there are cases where non security related bugs end up being security bugs after all.
Danke für dies handbuch
Sorry I dont speak swedish would you mind translating?
Tack för denna manual
I don't get the Germany part, and I'm German
SUSE is a German company
I know, but I don't get the joke. We don't do these around here
I think it means that OpenSUSE is "all of the above"—stability, flexibility, security—because those are qualities frequently attributed to German things/products.
It isn't really a joke in the sense of it making fun of Germany or anything like that.
I see. Thanks 💖
SUSE was a German company a century ago, then it changed hands more than a soap bar in a public restroom and now I have no idea if it’s even a terrestrial company anymore
It's a german company again, however currently seated in Luxembourg.
Check the comment from superkret, basically overengineered, redundant and not very intuitive.
I work in german SW development, so I understand. I would put it like this, german backends are among the best you can find but german frontends are usually complicated and not intuitive...
The main problem is the way YaST2 is (not) integrated with the modern KDE and Gnome settings. Gnome 40 then screwed things up even more for them as every item is now part of the overview, there ain't the classical menu anymore.
If you know where to find things it's great, but right now it indeed feels quite messy with lots of settings hard to find and split in lots of submenus.
Thanks 💖
I thought the joke was that each distro has a descriptor that ends with -y with openSUSE's descriptor being unexpected but still matching the pattern.
More accurate i would describe Fedora is:
Adopting Modern features first(Wayland,pipewire,etc Like there is no x mode in most stable Wayland desktops) and only having free and open source Repos(Rpmfusion can be added but its not official and excludes the Kernel drivers).
I mean, sure Arch is flexible. All good footguns can mutilate me in a bunch of different ways.
footgun, Arch, how?
I think, a more serious attempt to summarize openSUSE would probably be: Functionality
Debian, Arch, Fedora and such are all weirdly similar in that they focus so much on minimalism. For example, Debian uses
dashas the default shell, which breaks TTYs, but possibly squeezes out a tiny bit of performance, so I guess, that's worth it...?Debian only uses dash for the system shell, and it does improve performance a bit given how many shell scripts run on a typical Linux system. Interactive shell is still set to Bash by default.
Sure, it's still just certainly a choice. It took me multiple years to realize why it's so broken on TTYs, as well as when you run
newgrpand probably other places.I thought Linux just sometimes goes into this buggy state, where you can't make any typos. At one point, I broke my GUI session and had to fix it, typing commands off of my phone screen, without making any typos.
Learning that this is Working As Intended™ just killed me...
These days, I know that you can just run
bash(or your shell of choice) to get out of this buggy state, and I still setbashas the system shell when I have to use a Debian-based system, because I just do not care about however much performance it brings in.i used Tumbleweed with KDE. It is something i can recommend. Not that customizable, but it has tons of features and very stable for a rolling distro. It only breaks if you try to customize stuff too much
still much more customizable than GNOME
Mint: easy
Mint: come for the ease of installation and use, stay because it’s just Ubuntu and Debian under the hood so it has tons of support, and the terminal is right there if you need to out so some real shit.
I think mine doesn’t roll off the tongue in quite the same way.
I would have put OpenBSD in "focus on security". Or hell The only prebuild thing their is pain, pain and suffering
I actually run OpenBSD on one of my ThinkPads, but I was only including Linux distros in this.
BSD isn't linux. Or am I mistaken?
It is not
for security, use Tails, Qubes, Whonix, or if you want gaming + security, then Bazzite or Garuda
You're confusing security with privacy. While distros you mentioned are great for preventing ISPs and governments from spying on you (privacy), they're not really any better at preventing hackers from exploiting your vulnerable web server than fedora (security).
no, Qubes, Bazzite, Garuda were made with security in mind. Containerization, selinux enforcing, hash checks, address space layout randomization is also built in. These are all more secure than Fedora. Qubes for example, uses vm containers to completly isolate every app, so the system is almost impossible to compromise by malware or hacking. Bazzite uses immutable root file system, much like stock android. it may not along well with unix philosophies, but there isn't really a way for a malicious code to run with elevated privilages or to manipulate system files. Garuda automatically creates snapshota from the system, so if it is compromised, it can be rolled back quickly. Snapshots for external devices or cloud are supported as well. It uses zram compression on swap, this helps avoid data leakages to the disk, so makes sure that after a reboot, every session quits, since data from ram can't leak on the disk. it also uses firejail and chaotic aur sandboxing. There is a smaller support for secure boot too. So these are all highly secure operating systems. And to some degree, privacy and security overlap each other.
Yeah my bad, you're right. I got too stuck on tails, which is in my opinion more focused on privacy than security, and ignored everything else.
Tails in itself is reasonably secure too, but it was mostly designed for use with public computers and forensics, and ofc to conceal network activity that might seem suspicious. And it is a good solution if you need a portable linux, and your android phone is not a good choice for your use case.
How do they do that?
I'm not really expert in this topic, but as far as I know tails is amnesiac os that forgets everything on reboots for example. Both whonix and tails also routes your traffic through TOR which helps hiding your identity.
Concerning other mentioned distros and also security wise, this comment explains it lot better than I would: https://lemmy.zip/comment/15305364
I, uh, use Kubuntu LTS (
--minimal-install, so nosnap).Are *buntu flavors risky for my workstation? Should I be considering Fedora?
Why would they be risky? O.o They're the preferred workstation setup at my place because Ubuntu is spread enough that it can be relied upon to be the distro admins have the most experience with (which is a self-perpetuating thing, I am aware).
Sloppy Seconds - Germany
why or how is fedora security?
Ha. You want STABLE, use NixOS.
If you're cannot parse the configuration file, you don't update. It is perfectly, 100% stable, about 60% of the time (when I change my config file without an error).
nixOS appeals to niche audiences who like to brag about it. I think it is not a good idea to base everything on config files, since there is a lot of room for user error
The config files literally won't compile if there is an incompatibility or error in the code.
Also, every distro has an audience who love to brag about it. The worst part of being a Nix user is I can no longer say "Arch BTW".
Oh you don't use arch? Don't worry bud you'll get there some day.
Not to mention it is a utter pain in the ass.
With that being said, if just the package manager was a config file and there was a reasonable CLI then I could get on board.
You've literally described Linux. Wasn't even a week ago we had a circle jerk on here about how great it is that everything on Linux is an ascii file (technically inaccurate on most distros) rather than a nasty nasty database where the most you can fuck up at a time is a single entry vs breaking the schema of an entire file.
shitstemd, glibc, bloated kernel, sudo and proprietary blobs are not secure
yet he can't write a web server with c from scratch. Curious.
(yes I'm mirroring)
so you run Parabola, Guix or Trisquel or what?