I think a lot of people dislike Ubuntu because of Gnome and Snaps, which is weird to me. You can fairly easily change desktop environment and most Snaps have apt or Flatpak alternatives.
I’m simply not going to support a distro that creates a proprietary service and ships it as the default source of software. I will support and use distros that open source their code so that everyone can benefit from it. Whether workarounds or alternatives exist is unimportant, my prime issue with Ubuntu and Canonical is with their principles, not Ubuntu’s quality as a product to be consumed by me.
It’s just simpler to pick a distribution that matches your choices out of the box, rather than hacking a distro. And I’m talking about Snap in particular.
For anything lower-spec (like, <4Gb of RAM), Ubuntu absolutely CHUGS because of Snaps. Flatpak has no such issue.
Ironically, Lubuntu (a lightweight Ubuntu fork) worked the best for me while I was using it. No slowness, but I installed pretty much everything using Apt (didn't know about Flatpak back then).
I ended up having it lock up and freeze on the sign-in page though, so I moved on to the slightly heavier Linux Mint.
I think this is the perfect post to bring up XWayland.
That being said, I haven't used it yet (so I can't comment on whether it works flawlessly)! Can anyone elaborate on their experiences with it? I'm curious on it and don't have my hands on a Linux machine at the moment
I don’t hate Ubuntu, and it was my distribution from nearly 20 years. Meaning since it was first released until recently. I loved it for a long time because it was based on dpkg which was much better than rpm at the time AND it was way more user friendly than the others. Even as a software developer I like my distribution to move out of the way to let me focus on using it, not babysitting it.
But I moved away because of Snaps. Currently on Fedora and it’s pretty good. I know it’s possible to get rid of Snaps or use a derivative but I prefer to stay close to stock for whatever distribution I use.
If Ubuntu works for you and you don’t mind snaps, then just use that!
Been daily driving Asahi (first ALARM then Fedora when they transitioned) and it’s been exciting to experience in real time how far the project has come. When I first installed, audio didn’t work, the graphics driver was incomplete, and battery life left a lot to be desired. Skip to today and it’s evident how committed marcan and other contributors are to not just porting, but making everything feel right. Highly suggest following him or Lina on Mastodon.
Sorry a bit let to reply, but I’m running on M1 Air and Mini. Off the top of my head, built-in microphone doesn’t work and external displays don’t work through USB/Thunderbolt. Was also having trouble getting my audio interface to work even in class compliant mode. Otherwise it’s a very polished and easy experience.
Does anyone use this? I’ve yet to find a defining feature list of why anyone should use it aside from cosmetic differences. Does it even have a defining feature set?
It seems ok, guess I should try the free version before making judgements, realized the pro is ONLY $50 and completely optional. Sorry
at minimum Seems they charge a shitton for “bonus” software like they’re a wannabe windows or some fuckin shit. Avoid this if you have any respect for yourself or open source software
$2,000 for autocad? Misunderstood what the site was saying Doesn’t sound like the kind of thing a linux distro should be selling. When was the last time Debian tried to get you to spend thousands of dollars on it??
They are just showing you that you don’t need to spend $2000 on Autocad and other listed software, because Zorin has all these open source tools bundled in it.
Though tbh replacing Autocad or office365 with FOSS alternatives are bold claims because these alternatives just aren’t viable in a commercial environment.
It’s just support, for people that can afford it or want it. The bonus software is all free or foss, the rest are wallpapers or other gnome themes that can be get otherwise
Having respect for free (as in “libre”) software means caring if the software can sustain its own development, and not just caring if you get it free (as in “gratis”). It’s not always viable to support a project on donations and free time the way GNU is. xkcd.com/2347/
Tbh I used it few months ago and it’s a pretty decent noob distro but I had some annoying graphical issues caused by snaps, which zorin use(d?) even by default so I can’t recommend it because of that. It also doesn’t allow much customization but that’s GNOME for you.
spoilerAlso, this is just a me thing and not the distro’s fault, but I couldn’t stand having Zs everywhere even if it is a pure coincidence and I actually know the volunteers stand with Ukraine.
It’s a good distro for those who want an easy introduction to Linux, I just think Linux Mint or Pop_OS are better, but there’s many who use it and swear by it.
A better question might be why shouldn’t they? I’m not being pedantic (at least not intentionally) but if their defining characteristic is that they’re nothing special, just a simple Linux distro that does the basic shit easily enough and looks nice - that has major appeal to people unfamiliar with Linux looking to leave other OS’s behind. The vast majority of people that use an OS really have very little idea how it works or why. They just want some basic level of understanding and control over it.
Zorin was, at least a few years ago, tailored to be easy to adapt to for people switching from Windows. This new version looks beautiful, I’m going to take it for a spin!
That’s not exclusive to Zorin however, that’s just a Gnome 42 feature (unless the base gnome implementation is the one you’re referring to that needs configuring in the terminal).
oh yeah. its an out of the box for folks (like myself) who like that. Lots of apps preinstalled including play on linux. So I can install and start using without adding any additional software. Its not the only oob distro but combining that with the look feel emulation is great and I have never seen an oob that sets up wine so well to use immediately. So its a bit like a combo of a gaming distro with oob and then the lookNfeel thing.
I use it. It’s great. I’ve tried Linux many times over the past decade but it never stuck until Zorin. If you’re coming from Windows it’s a very friendly (and polished) way of being welcomed to Linux while also showing off Linux’s strengths, things that are often hidden to the user unless they want to explore the terminal.
For Mac users who are Linux-curious I would recommend Ubuntu because it’s much similar, whereas Zorin seems clearly designed with people who liked Windows 10 but not Windows 11.
I disagree: elementary is quite limited with really basic desktop features out of the box, limited personalization, weird interface decisions with some ugly panels, and pretty behind on updates, relying heavily on their own walled gard-
I think a unified package manager/app store model that is vetted by all contributing distros would go a long way. SteamOS/Steam deck is bringing gamers to linux and that’s great. But it would be easier to bring on a lot more desktop users if there was an app store that every distro could visit. Flatpak is close, snaps however I think are too polarizing.
despite my xkdc smartassedness I would love to see something that made an easy to do thing like this for linux https://portableapps.com/ there are some close things but not quite so easy.
I use fedora silverblue. I’d like to switch to suse microos but the difference is so small that it’s probably not worth it to switch. (Just a guesstimate, silverblue has some goodies afterall with the whole image centric os)
Probably, it’s almost the same for vanillaos. Because everything is within distrobox and flatpak, I do not work with the native package manager anymore (almost, there are exceptions because of the DE).
If I would switch to microos, I, as an enduser, wouldn’t notice too much a real difference.
People should stop making new distros for what should be a post install script. But, things are fucking complicated and that’s why we need the forks and new distros.
Thx for the elaboration. That’s what I roughly meant with “image centric os”.
Opensuse aeon encourages you to use flatpak. The first thing it does right after installation is to install apps from flathub, including firefox (unlike silverblue).
An example from the doc
For this reason, All Applications, Browsers, Codecs needed for specific apps, etc are provided by FlatPaks from FlatHub.
Especially the following
To reiterate: EVERYTHING should be done via Flatpaks or be installed in a Distrobox if a package is not available as a flatpak. Using transactional-update is strictly what you need for your host operating system to work (exotic drivers, specialized vpn services).
Usually, you do not rollback, you do not go back to an older system. On both systems, you use distrobox and flatpak. I don’t see much of a difference as an end user.
Fedora has images which you can create yourself as an enduser which means a corporation with thousands of computers can create their own image. They don’t have to create a new distro. That’s not possible with suse but I don’t know if that’s so important since I do not administer such things. I as an enduser do not care about the underlying system, I don’t tinker with it, I rarely touch it. That’s the case for both distros. I may install a vpn or so.
If you want to tinker with your system, neither fedora nor suse are good for that, using arch is the way to go.
Just checked my own sshd configs and I don’t use CBC in them. I’ve based the kex/cipher/Mac configs off of cipherlist.eu and the mozilla docs current standards. Guess it pays to never use default configs for sshd if it’s ever exposed to the Internet.
Edit: I read it wrong. It’s chacha20 OR CBC. I rely heavily on the former with none of the latter.
Personally I don’t really hate Ubuntu, but I tend to find that everything it does, there’s something else that does it slightly better.
For example, it’s supposed to be a good ‘beginner’ distro or good for something that ‘just works’, but IMO things like Mint or Pop!OS do it a little better these days. Snap is supposed to be a nice simple way to manage packages without worrying about dependencies, but Flatpak does it better and so on.
So yeah I don’t hate it, I just don’t see any particular reason to really use it. Opinions may vary though of course.
Even the researcher who reported this doesn’t go as far as this headline.
“I am an admin, should I drop everything and fix this?”
Probably not.
The attack requires an active Man-in-the-Middle attacker that can intercept and modify the connection’s traffic at the TCP/IP layer. Additionally, we require the negotiation of either ChaCha20-Poly1305, or any CBC cipher in combination with Encrypt-then-MAC as the connection’s encryption mode.
[…]
“So how practical is the attack?”
The Terrapin attack requires an active Man-in-the-Middle attacker, that means some way for an attacker to intercept and modify the data sent from the client or server to the remote peer. This is difficult on the Internet, but can be a plausible attacker model on the local network.
It definitely receives more clicks. I’ve posted this link here a day ago, but arstechnicas title is more engaging. My first thought was whether there’s been another vulnerability found.
That said, this headline isn’t as bad as it could’ve been.
Yeah, if the attacker is in a position to do a MitM attack you have much larger problems than a ssh vulnerability that so far can at most downgrade the encryption of your connection in nearly all cases
I get your point that the exploit existed before it was identified, but an unmitigated exploit that people are aware of is worse than an unmitigated exploit people aren't aware of. Security through obscurity isn't security, of course, but exploiting a vulnerability is easier than finding, then exploiting a vulnerability. There is a reason that notifying the company before publicizing an exploit is the standard for security researchers.
You're right that it's never an OK title, because fuck clickbait, but until it's patched and said patch propagates into the real world, more people being aware of the hole does increase the risk (though it doesn't sound like it's actually a huge show stopper, either).
Weakness and risk are distinct things, though—and while security-through-obscurity is dubious, “strength-through-obscurity” is outright false.
Conflating the two implies that software weaknesses are caused by attackers instead of just exploited by them, and suggests they can be addressed by restricting the external environment rather than by better software audits.
In my opinion Dan Goodin always reports as an alarmist and rarely gives mitigation much focus or in one case I recall, he didn't even mention the vulnerable code never made it to the release branch since they found the vulnerability during testing, until the second to last paragraph (and pretended that paragraph didn't exist in the last paragraph). I can't say in that one case, it wasn't strategic but it sure seemed that way.
For example, he failed to note that the openssh 9.6 patch was released Monday to fix this attack. It would have went perfectly in the section called "Risk assessment" or perhaps in "So what now?" mentioned that people should, I don't know, apply the patch that fixes it.
Another example where he tries scare the reading stating that "researchers found that 77 percent of SSH servers exposed to the Internet support at least one of the vulnerable encryption modes, while 57 percent of them list a vulnerable encryption mode as the preferred choice." which is fine to show how prevalent the algorithms are used but does not mention that the attack would have to be complicated and at both end points to be effective on the Internet or that the attack is defeated with a secure tunnel (IPSec or IKE for example) if still supporting the vulnerable key exchange methods.
He also seems to love to bash FOSS anything as hard as possible, in what to me, feels like a quest to prove proprietary software is more secure than FOSS. When I see his name as an author, I immediately take it with a grain of salt and look for another source of the same information.
linux
Hot
This magazine is from a federated server and may be incomplete. Browse more on the original instance.