Nix is better because you can use a lock file to fetch the exact revisions of each software. Even proprietary stuff is hashed so when you download it, it’s checked to be bit identical to the lock file hash before it’s installed
This means your setup on another machine is the same as long as the lock file is the same.
Also you can switch to an older revision, mix and match stable and unstable, keep your whole setup in a git repo. It’s basically everything you ever would want from a package manager (reproducible builds already done for the minimal version, soon coming to all 80,000 packages)
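The check described in the comment above (pin a hash per source, refuse anything that is not bit-identical), as an added example that is not part of the original comment and is not Nix's own code. The lock layout, the function names and the sample sources are hypothetical and simplified; this is not the real lock file schema.

```python
import base64
import hashlib
import hmac


def sri_sha256(data: bytes) -> str:
    """Return an SRI-style string, 'sha256-<base64 digest>', for data."""
    digest = hashlib.sha256(data).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")


def write_lock(sources: dict) -> dict:
    """Pin every source as name -> {'rev': ..., 'hash': ...} (hypothetical layout)."""
    return {name: {"rev": rev, "hash": sri_sha256(blob)}
            for name, (rev, blob) in sources.items()}


def verify_fetch(lock: dict, name: str, blob: bytes) -> bytes:
    """Return blob only if it matches the pinned hash; otherwise raise."""
    entry = lock.get(name)
    if entry is None:
        raise KeyError(f"{name}: not pinned in lock file")
    algo, _, expected_b64 = entry["hash"].partition("-")
    if algo != "sha256":
        raise ValueError(f"{name}: unsupported hash algorithm {algo!r}")
    expected = base64.b64decode(expected_b64, validate=True)
    actual = hashlib.sha256(blob).digest()
    # Constant-time comparison of the two digests.
    if not hmac.compare_digest(expected, actual):
        raise ValueError(f"{name}: hash mismatch, refusing to install")
    return blob


def install_all(lock: dict, fetched: dict) -> list:
    """Verify every pinned source before anything counts as installed."""
    missing = sorted(set(lock) - set(fetched))
    if missing:
        raise KeyError(f"not fetched: {', '.join(missing)}")
    # Verification happens for all entries first; one failure aborts everything.
    verified = {name: verify_fetch(lock, name, fetched[name])
                for name in sorted(lock)}
    return sorted(verified)


# Constructed sample data: revision labels and contents are placeholders.
SOURCES = {
    "editor": ("rev-placeholder-a", b"editor source tarball bytes"),
    "driver-blob": ("rev-placeholder-b", b"proprietary driver bytes"),
}

if __name__ == "__main__":
    lock = write_lock(SOURCES)                       # written on machine A
    same = {n: blob for n, (_, blob) in SOURCES.items()}
    print("installed:", install_all(lock, same))     # machine B, identical bytes
    tampered = dict(same, **{"driver-blob": b"proprietary driver bytez"})
    try:
        install_all(lock, tampered)
    except ValueError as err:
        print("rejected:", err)
```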
Lots of great answers here already so I will only address a couple of things that haven’t been mentioned:
Regarding Fedora Silverblue:
Currently, Fedora Atomic Desktops are in a major shift to accept OCI container images for delivery of packages. This means that the built image becomes one compliant to OCI and that we boot into an OCI container as our system. As OCI images are relatively declarative (not to the extent that NixOS does (yet)), it becomes possible to have a set of config files (most importantly, the so-called Containerfile) in which your system is ‘declared’/‘configd’. In case you’re interested in how this looks/works, consider taking a look at uBlue’s startingpoint or if you’re more interested in the scope of configuration into Bazzite and/or Bluefin.
apx is available as a COPR on Fedora Atomic Desktops.
Nix can be installed on Fedora Atomic Desktops using Determinate Systems’ installer.
Regarding Vanilla OS:
They’re also moving to a model that’s very close to where Fedora Atomic Desktops is heading towards. So, expect a similar way to config/‘declare’ your system.
What are your thoughts on the three four distros mentioned above?
It’s a question of polish if you’d ask me. With Fedora Atomic Desktops and NixOS being advantageous due to being more established and better funded. I wouldn’t write off Vanilla OS yet as they seem to know what they’re doing. Though, I wouldn’t keep my hopes up for blendOS as its main developer was unaware of which MAC was configured by default on blendOS (spoiler alert: none, at least at the time).
Furthermore, NixOS is literally its own thing and unfortunately infamous for its steep learning curve. If you can afford to learn and conquer NixOS, then NixOS should be the recommendation; unless (like me) you seek SELinux on your systems.
Between Fedora Atomic Desktops and Vanilla OS; Vanilla OS is still in its major rewrite/revamp. The alpha builds are there, but I wouldn’t recommend using those on production machines. Fedora Atomic Desktops, on the other hand, has been going strong for a while now and the uBlue-team has even succeeded in making the OCI-stuff accessible for the general (Linux) public. So if you want to switch now and NixOS is/seems too hard; then Fedora Atomic Desktops it is. On that note, I recommend to check out the uBlue project.
Which ones are the most interesting, and for what reasons?
Honestly, all of them are really interesting, but NixOS does the most unique stuff; with only Guix doing something similar within the Linux landscape. To give you a taste of some of the wild stuff found on NixOS; there’s the so-called Impermanence module which -to my knowledge- happens to be the closest thing to a usable stateless system we’ve got; period. Consider reading this excellent blog post in case you’re interested to know what this entails.
I have had a wonderful experience with the Surface Pro 4, back in uni, and would have definitely recommended that. Check how the 9 performs with Linux.
That said, despite being crowned the champion for this, I would not recommend anything from the Dell XPS line. Especially not the recent machines, or the convertibles
Garbage build quality, and poor longevity. Out of the box, they may have been great machines (before the current generation). As soon as you start having problems, you would spend all of your time wishing you got something else.
Lots of people gave great advice. Let me sum a bit of that up.
Flatpak
No error means success. You might want to install gnome-software-plugin-flatpak to make it available in gnome-software. I’d advise against using flatpaks if you also have the software available in the debian repositories. Always use the package manager instead, when possible. Those packages are maintained by the debian community and tied into the rest of the system. Flatpaks are not.
sudo
What would you like? That is kinda intended behaviour and an integral part of security. But you can have it remember the password for some time. Or ask for a different password.
FDE
I think a clean install is the quickest way to fix this. You can also get the other things right while at it.
DE
You can choose the desktop environment while installing Linux. You chose the default Gnome Desktop. It’s designed more like Apple or Android tablets. I quite like it. You don’t have that menu blocking space on the monitor. Instead you just bump your mouse to that top left corner or press the windows key and you have a fullscreen menu with your favorites. You can also directly start typing the first letters of the application you want and hit enter and start it, without lifting your fingers from the keyboard and it’s way quicker and more streamlined than clicking on things in a windows start menu. You can have an additional dock somewhere at the left or the bottom with an additional gnome extension like this or what other people suggested. But if you’d like it like windows, why don’t you try the KDE desktop? I think you’d be more comfortable with that if you’re looking for something alike the windows experience.
Ubuntu
Ubuntu regularly does some stupid things. I’ve been using Debian for quite some time. I suppose the differences for you are minor anyways and you could have it look the same if you found out which gnome quick-launch bar to install or if you used the KDE desktop instead.
I’d advise against using flatpaks if you also have the software available in the debian repositories. Always use the package manager instead, when possible.
Please let me disagree on this. Debian + Flatpaks is actually an awesome combo. Rock solid and super stable base, up to date user facing apps.
Debian’s life cycle is awesome for core system stuff, it ensures that once your system runs perfectly, it’ll continue to run perfectly for several years without intervention despite always being up to date.
But for user facing apps, it’s actually really frustrating when you know there is a bug fix or a feature you need that’s been implemented and made available months ago but you’re stuck on a 2-year-old version.
It’s just, we get so many questions regarding Flatpak from newer users:
Why doesn’t App A tie into App B?
Why doesn’t the program tie into my desktop environment?
How can I install Addons?
Why can’t I access files somewhere
And it’s just not easy. The Apps/Programs are sandboxed and can’t tie into each other unless specifically made for this. Addons need to be put inside of that environment or the program needs to be fitted with some kind of Appstore that incorporates this. You can’t just download an addon from github and drag and drop it like the instruction says. New users blame that on Linux. And you need to understand the additional Flatpak permission system.
In my experience these problems have really increased in the last year or so.
Next thing is, you lose what the distro maintainers do for you. They double check that everything works together well and is tied into your desktop. Breaking changes are postponed until the next major release of the distro. Since you mentioned Debian, they strip tracking behaviour, and most importantly they fix security issues quickly. Once I read about a severe vulnerability in libpng it’s often already fixed or takes them like one to three days.
Every time I have a look at ‘flatpak list’ I have like 3 different versions of some runtime installed and it takes half a year until the last flatpak app is updated to the release without that vulnerability. And I get that. Programmers of a project mainly code, and maintenance and packaging the stuff isn’t necessarily top priority on their agenda. But you as a user are exposed for months and I usually expect exploits to appear in the wild after some weeks.
That may be less of a concern if you install OBS via flatpak or a game. But this would be bad if it’s a web-browser or a messenger.
That’s why I usually tell people not to use Flatpak. If you know about the consequences and how to handle the sandboxing and get an addon working, go ahead. Maybe subscribe to a mailing list regarding the security vulnerabilities, because that’s now your job.
For Debian users there are a few alternatives. You could just mix and match software from ‘stable’ and ‘testing’. That is not recommended, but everyone does it. Second thing: Just install Debian testing and you get a rolling distro. That’s what I do and it works great. Well, during the ‘freeze’ for the next version you will experience some delays until they figure out some library updates and dependencies. But that’s alright. [Edit: on second thought: Considering the next comment, maybe I shouldn’t recommend that. It works for me but it definitely has some caveats and you need to understand the consequences I didn’t mention here and be able to fix the occasional hiccup.]
All your points are valid, and I agree with most of them except maybe advising people to use Testing ;)
From a security point of view, Testing is dead last in Debian’s vulnerabilities fix order of priorities after SID and Stable, and fixes in general except when the next release is being frozen. I’ve undergone breaking changes and regressions weekly on Testing, dependency issues that took forever to get fixed, and the year or so I’ve spent on Testing was miserable. Testing definitely has its purposes, but daily driving it on a laptop should not be one of them.
I understand the issues you’ve got concerning Flatpaks and how it goes against a distro’s philosophy, but I think, from a “normie”'s POV, it’s still miles better than the classic “download a random exe from a random website and never bother having to uninstall and reinstall it every week to keep it up-to-date” windows paradigm. Flatpaks are mainly a solution for developers and package maintainers (package once, distribute everywhere), but it benefits the end users. You get to use “the same version as everyone else”, always up-to-date whether you’re on Debian or on Arch, compiled against a known version of all dependencies so bug reports are more consistent and avoid weird distro-specific behaviors.
Thanks. You’re right. I’ve edited my comment. I shouldn’t be advertising testing. And I probably misremember how often I fix a minor hiccup that I forget about 2 days later. And I keep an eye on important programs when they get ‘stuck’ or I get aware of vulnerabilities and switch to SID or stable with cherry-picked packages. But that requires you to read all the tech news and that’s not a safe way to do it regardless.
I agree. Flatpak is lightyears ahead of downloading executables or doing the infamous ‘curl software/install.sh | sudo bash’. It is definitely the right tool if your alternative is to download something from a random website or the software isn’t packaged in your distro. (And also for proprietary software.)
I think the correct approach is to ask yourself if you really always need the latest releases and newest version of your software. And if it’s worth the consequences. Flatpak really makes it so easy and smooth that many people aren’t aware it comes with consequences until later. I know everyone always wants everything. Rock stable and tested, bulletproof security and the newest version of everything right away. I do, too. We seem to both like Debian. It’s provided me with most things I need for quite some years and it really earned my trust. We all know how the maintenance process works there and how that turns out. Problem is, if I now circumvent what defines Debian, I kinda lose parts of what makes it great. That should be done with some caution. But sometimes it’s necessary. Sometimes I want unpackaged software. Sometimes I need the newest features of OBS or Kdenlive. Or FreeCAD did some major restructuring and the Debian version just always crashes once I add a chamfer to my 3D-workpiece and Debian keeps that ancient version in the repository. There’s no way around taking matters in your own hand. Also I sometimes keep several versions of browsers around to do some web-development and Flatpak is awesome for things like that.
Maybe I need to provide people with a more nuanced answer the next time someone asks about Flatpak stuff. The main point is probably that you take matters in your own hands at that point and need to be aware of that. It requires you to make case-by-case decisions and have a look at if the specific Flatpak is maintained well. There is no simple answer anymore. With a distro you mainly get what you asked for and you should know if you chose your distro, and with it the way it handles things, for a reason.
Use Tor Browser if you want it dialed up to eleven. You'll quickly find that it's way more of a hassle to use, and also still pretty easy to accidentally compromise the security measures.
Of course Firefox isn't perfect; nothing is. But a 180 turn implies it's the opposite of perfect now, and it really isn't - especially in a world where basically every other browser is waaaay closer to that.
From this comment I suppose you never used Librewolf or Arkenfox. The Torbrowser is only a hassle because
it uses “private browsing” always, which completely hinders people from saving anything. This is not needed, as cache, session etc could simply be deleted via the settings.
it uses the Tor network, which is a huge thing. Cloudflare and all that BS block you 90% because of that. It’s even worse than with VPN.
The real difficulties just come when you use Noscript, or Ublock with hard settings. The hardened browser alone is unproblematic. But if you use Noscript, you don’t want to not use it anymore. Sites are so bloated with third party javascript that is simply not needed.
Firefox on Default is not stopping much tracking. It should teach users how to be private. Also work of course, but really. Other browsers will scream out way more data, that’s for sure. But Firefox has all these features but nobody knows them.
So, in the end there is no real usecase for Firefox. And people use any other “secure” Browser instead
I mean, you're just saying that if you don't dial it up to eleven, but just to nine, then you'll hit less breakage. Which, sure, but that's kinda my point: a usable browser needs to strike a balance, and that's exactly what Firefox is trying to do - which is really something different from "needing a 180-degree turn". Firefox by default is stopping way more tracking than e.g. Chrome, and guides users to installing e.g. uBO.
Also note that most breakage isn't immediately obvious. For example, if you turn on privacy.resistFingerprinting, then Google Docs will become blurred. However, by the time you see that, you won't be able to link that to the flipped config. This is the kind of breakage that many "hardening guides" cause, and by that, they eventually lead people to switch to Chrome, which is the opposite of what they're supposed to achieve.
And sure, Librewolf draws the line at a slightly different place than Firefox does. But the main difference is not sending data like hardware capabilities, crash stats, etc. to Mozilla - which don't threaten democracy or result in hyper-targeted ads, but do enable Mozilla to optimise the code for real-world use.
Agree. But again, as this hardening is not accessible via GUI, it is mysterious as it is. With a switch similarly placed like the brush in torbrowser or the shield in FF this could be easily dealt with.
More fancy would be whitelisting sites via gui.
No, Librewolf doesn’t only limit data sent to mozilla, but it’s basically as hardened as Arkenfox/Torbrowser.
Yes, but as soon as it is accessible via the GUI, more and more people will start getting blurred Google Docs (and similar weird issues) without knowing how that happened - because that's already happening even with people who know enough to make changes in about:config.
Ah yes, people are indeed known for always reading long readmes and fully grasping the consequences of their actions, especially if those occur long after said actions :P
A lightweight distro won’t help you since gaming and zoom will still consume the same amount of resources.
Whatever your distro/DE needs to run itself isn’t even a drop in the ocean compared to your browser for example.
I was doing a similar breakdown back when I bought my System76. The difference was upgradability. If I ever thought I might need more RAM I’d have to buy that up front on the MacBook air, putting its price over 1,700 off the shelf for the max ram. System76 cost close to the base MacBook air model, but I can add RAM and upgrades at my choosing, find the best price, and install them myself when I need them. That was worth it for me.
The issue is that the M1 (M2 and M3) chips are way more efficient than X86 chips and they get really good battery life compared to standard PC hardware. So I can hate on the software, the price, the lack of expand-ability, and so much more but I can’t get that efficiency anywhere else.
System76 doesn’t have some massively efficient ARM chip and system to separate them from any other windows laptop maker I just put linux on. You buy System76 because you like System76. I can live with that and I am very willing to spend more for less in places I feel matter.
I’m looking for a new laptop and really don’t know much about hardware these days (been running my old 2015 toshiba satellite lol, I usually just have hand-me-downs), but I’m looking at getting something that doesn’t make me sacrifice my firstborn to an eldritch being to change the goddamn battery. So far I have sys76 and framework on the list, are there any other manufacturers I should also look at? And any reasons I should or should not get a laptop from any of these companies (like this one above, which is a point for framework)?
I was looking at getting a laptop from System76 but the shipping to Europe is insane. I’ve heard some good things about Tuxedo Computers. I don’t have personal experience with any of them so can’t comment on that
As someone who is incredibly poor and uses my current fire stick as a way to help me because of accessibility for my disabilities: does anybody know if there’s an alternative to Chromecast, fire stick or Roku that doesn’t involve another computer (which I could get a raspberry pi or another computer dedicated to media, but government doesn’t believe in giving disabled people enough for those things)?
I don’t pay for my streaming services. My mom who is barely surviving too and others pay for it. Had no choice really. Since I have zero income it’s hard to save up. (been battling the government for nearly 6 years to get SSI or anything to help)
I think they did that because of old disks, avoid fragmentation and if one partition is corrupted you can always recover the important files on /home and things like that, not sure either. 🫤
I had the same problem (running Fedora 38), and this post really helped me - it goes through the whole MOK generation/enrollment and then provides a script to automatically sign the modules. I had to make a couple of adjustments to make it work on my system and to automatically load the modules with modprobe, but now I just run /sbin/vboxconfig; /root/bin/sign-vbox-modules each time my kernel gets updated and can use VBox fine again.
I actually just tried Gnome Boxes and it seems to work mostly fine but the only problem I’m having is that I’m trying to run a Windows XP virtual machine but I can’t figure out how to get files from my host to the guest. Apparently, I need some software to be running on the guest but the website that I need to download the software from doesn’t work in internet explorer and I obviously can’t just download it on the host and transfer it to the guest.
While I have already found a solution (and with it found out that the software doesn’t even work in windows xp) the only way to download Boxes that I could find was through flathub, which doesn’t allow usb devices for some reason. What does work is that I can just put all of the files I want transferred into an iso file and mount it to the VM.
Also, if there is a way to install Boxes outside of flathub, I’ll have to check it out tomorrow because of how late it is for me right now.
It’s not outdated, just less necessary now. With SSDs, you can just copy your /home back from your daily backup after reinstallation, which takes all of 5 minutes.
OpenSUSE (and probably some other distros) have it built-in, you just have to activate it. If yours doesn’t, you have to install a program that does it or configure one manually.
I have daily backups for btrfs but for my / only via Linux Mint’s Timeshift. I do manual backups for some of my home folders every week. I take it the backups you mention would be lost over a reinstall?
How long that takes depends entirely on the size of your home, the number of files in there and how you store your backups. Not everyone has tiny home directories.
If your home is smaller than 2TB, it’s not an issue.
And if it’s larger than 2TB, then why the hell is all that data on your /home SSD and not a separate HDD, NAS or file server?