this post was submitted on 09 Apr 2024
311 points (98.7% liked)

Linux

48689 readers
387 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I thought I'll make this thread for all of you out there who have questions but are afraid to ask them. This is your chance!

I'll try my best to answer any questions here, but I hope others in the community will contribute too!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 8 months ago* (last edited 8 months ago) (8 children)

Why are debian-based systems still so popular for desktop usage? The lack of package updates creates a lot of unnecessary issues which were already fixed by the devs.

Newer (not bleeding edge) packages have verifiably less issues, e.g. when comparing the packages of a Debian and Fedora distro.

That's why I don't recommend Mint

[–] [email protected] 8 points 8 months ago (2 children)

This is where I see atomic distros like Silverblue becoming the new way to get reliable systems, and up to date packages. Because the base system is standardised there can be a lot more QA as there is alot less entropy in the installed system. Plus free rollbacks if something goes wrong. You don't get that by default on Debian.

Distrobox can be used to install other programs (including GUI apps), I currently run Steam in a distrobox container on Silverblue and vscode with all of my development stuff in another one. And of course use flatpaks from FlatHub where I can, these are more stable than distro packages imo (when official) as the developers are developing for a single target with defined library versions. Not whatever ancient version Debian has or the latest which appeared on Arch very soon after release.

I've tried Debian a couple of times but it's just too out of date. I like new stuff and when developing stuff I need new stuff and it's not good enough to just install the development/unsupported versions of Debian. It's probably great for servers, but I think atomic distros will be taking over that space as well, eventually.

[–] [email protected] 2 points 8 months ago (1 children)

Distrobox can be used to install other programs (including GUI apps)

I need to play around with that sometime. Is it a chroot or a privileged container or is it a sandboxed container with limited access? How's hardware excelleration in those?

[–] [email protected] 2 points 8 months ago

It's just a podman/docker container. I'm pretty sure it is unprivileged (you don't need root). I've tried it on both NVIDIA (RTX 3050 Mobile) and AMD (Radeon RX Vega 56) and setting up the distrobox through BoxBuddy (a nice GUI app that makes management easy) I didn't need to do anything to get the graphics drivers working. I only mentioned BoxBuddy because I haven't set one up from the command line so I don't know if it does any initial set up. I haven't noticed any performance issues (yet).

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

You should definetely check out Bazzite, it's based on Fedora Atomic and has Steam on the base image. Image and Flatpak updates are applied automatically in the background, no need to wait for the update on next boot. Media codecs and necessary drivers are installed by default.

The Bazzite image also directly consists of the upstream Fedora Atomic image, just with quality of life changes added and optimized for gaming

[–] [email protected] 2 points 8 months ago

It looks pretty good, I've been planning on installing it on another computer for use as a media centre. Probably wouldn't use it as my main image as I'm not a huge fan of their customised GNOME experience (I quite like vanilla GNOME with maybe a system tray extension). But I must admit watching some of the videos by the creator of Bazzite and ublue got me interested in this atomic desktop thing again

[–] [email protected] 7 points 8 months ago* (last edited 8 months ago)

Debian desktop user here, and I would happily switch to RHEL on the desktop.

I fully agree, outdated packages can be very annoying (running a netbook with disabled WIFI sleep mode right now, and no, backported kernel/firmware don't solve my problem.)

For some years, I used Fedora (and I still love the community and have high respect for it).

Fedora simply does not work for me:

  • Updated packages can/did break compatibility for stuff I need to get stuff done. Fine if Linux is your hobby, not acceptable if you need to deliver something
  • In the industry, many times not the last recent packages of development environments are used (if you are lucky, you are only a few months or years behind), so having the most recent packages in Fedora helps me exactly zero
  • With Debians 2 years release cycle (and more years of support), I can upgrade to the next version when it is appropriate for me (= 1-2 days when there is a slow week and the worst bugs have been found already)
  • My setup/desktop is heavily customized and fully automated via IaC, no motivation to tweak this stuff constantly (rolling) or every 6-12 months (Fedora)
  • From time to time I have to use software packages from 3rd parties, with Fedora, I might be one update way from breaking this software packages because of version incompatibilities (yes, I might pin a version of something to use a 3rd party software, but this might break Fedora updates (direct and transitive dependencies)
  • I once had a cheap netbook for travel with an infamous chip set bug concerning sleep modes, which would be triggered by some kernels. You can imagine how it is to run Fedora, when you get often Kernel updates and the bug will be triggered or not after double digit numbers of minutes of work.

Of course, I could now start playing around with containerizing everything I need for work somehow and run something like Silverblue, perhaps I might do it someday, but then I would again need to update my IaC every 6-12months, would have to take care of overlays AND containers etc....

When people go 'rolling' or 'Fedora', they simply choose a different set of problems. I am happy we have choice and I can choose the trouble I have to life with.

On a more positive note: This also shows how far Linux has come along, I always play around with the latest/BETA Fedora Gnome/KDE images in a VM, and seriously don't feel I am missing anything in Debian stable.

[–] [email protected] 6 points 8 months ago (1 children)

Debian systems are verified to work properly without subtle config breakages. You can run Debian practically unattended for a decade and it's chug along. For people who prefer their device to actually work, and not just be a maintenance princess, it's ideal.

[–] [email protected] 2 points 8 months ago (3 children)

Okay, I get that it's annoying when updates break custom configs. But I assume most newbs don't want to make custom dotfiles anyways. For those people, having the newest features would be more beneficial, right?

Linux Mint is advertised to people who generally aren't willing to customize their system

[–] [email protected] 5 points 8 months ago

having a stable base helps. Also, config breakage can happen without user intervention. See Gentoo or Arch's NOTICE updates

[–] [email protected] 3 points 8 months ago

I customized Mint. It is a great system that I run in a VM.

[–] [email protected] 1 points 8 months ago

Breaks can happen without user intervention in other distros, there are some safeguards around it, but it happens. Also new users are much more likely to edit their configs because a random guy on the Internet did it than an experienced person who knows what they're doing, also a lot more likely not to realize that this can break the system during an upgrade.

[–] [email protected] 5 points 8 months ago (1 children)

Noob question?

You do seem confused though... Debian is both a distribution and a packaging system... the Debian Stable distribution takes a very conservative approach to updating packages, while Debian Sid (unstable) is more up-to-date while being more likely to break. While individual packages may be more stable when fully-updated, other packages that depend on them generally lag and "break" as they need updating to be able to adapt to underlying changes.

But the whole reason debian-based distros exist is because some people think they can strike a better balance between newness and stability. But it turns out that there is no optimal balance that satifies everyone.

Mint is a fine distro... but if you don't like it, that is fine for you too. The only objection I have to your objection is that you seem to be throwing the baby out with the bathwater... the debian packaging system is very robust and is not intrinsically unlikely to be updated.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

Noob question?

Should I've made a new post instead?

You do seem confused though... Debian is both a distribution and a packaging system...

Yes, Debian is a popular distro depending on Debian packages. My concern is about the update policy of the distro

But the whole reason debian-based distros exist is because some people think they can strike a better balance between newness and stability.

Debian is pure stability, not the balance between stability and newness. If you mean debian-BASED in particular, trying to introduce more newness with custom repos, I don't think that is a good strategy to get balance. The custom additional repos quickly become too outdated as well. Also, the custom repos can't account for the outdatedness of every single Debian package.

you seem to be throwing the baby out with the bathwater... the debian packaging system is very robust and is not intrinsically unlikely to be updated.

Yes, I don't understand/approve the philosophy around the update policy of Debian. It doesn't make sense to me for desktop usage. The technology of the package system however is great and apt is very fast

[–] [email protected] 1 points 8 months ago

Debian is a balance between stability and newness.
If you want to see what pure stability looks like, try Slackware.

[–] [email protected] 3 points 8 months ago (1 children)

Unlike other commenters, I agree with you. Debian based systems are less suitable for desktop use, and imo is one of the reasons newcomers have frequent issues.

When installing common applications, newcomers tend to follow the windows ways of downloading an installer or a standalone executable from the Internet. They often do not stick with the package manager. This can cause breakage, as debian might expect you to have certain version of programs that are different from what the installer from the Internet expects. A rolling release distro is more likely to have versions that Internet installers expect.

To answer your question, I believe debian based distros are popular for desktop because they were already popular for server use before Linux desktop were significant.

[–] [email protected] 1 points 8 months ago (1 children)

That's a bad example, Debian is bad because people use it wrong and it breaks is not a really strong argument, same can be said about every other distro.

I believe Debian based distros are popular because Ubuntu used to be very beginner friendly back in the early 2000s, while other distros not so much. Then a lot of us started with it, and many never switched or switched and came back.

[–] [email protected] 1 points 8 months ago

Debian is not bad. It is just not suitable for newcomers using it for desktop. I think my arguments hold this stance.

[–] [email protected] 3 points 8 months ago (1 children)

As someone not working in IT and not very knowledgeable on the subject, I've had way less issues with Manjaro than with Mint, despite reading everywhere that Mint "just works". Especially with printers.

[–] [email protected] 3 points 8 months ago

Yeah, Manjaro just works, until it doesn't. Don't get me wrong, I love Manjaro, used it for years, but if it breaks it's a pain in the ass to fix, and also hard to get help because the Arch community will just reply with "Not Arch, not my problem" even if it's a generic error, and the Manjaro community is not as prominent.

I could also mention them letting their SSL certificate expire, which doesn't inspire a lot of trust, but they haven't done that in a while.

[–] [email protected] 1 points 8 months ago (3 children)

Because people have the opposite experience and outlook from what you wrote.

I’m one of those people.

I’m surprised no one brought up the xz thing.

Debian specifically targeted by complex and nuanced multi prong attack involving social engineering and very good obfuscation. Defeated because stable (12 stable, mind you, not even 11 which is still in lots of use) was so slow that the attack was found in unstable.

[–] [email protected] 7 points 8 months ago (2 children)

This is not a good argument imo. It was a miracle that xz vulnerability was found so fast, and should not be assumed as standard. The developer had been contributing to the codebase for 2 years, and their code already landed in debian stable iirc. There's still no certainty that that code had no vulnerabilities. Some vulnerabilities in the past were caught decades after their introduction.

[–] [email protected] 2 points 8 months ago (1 children)

Its not a miracle it is just probability. When you have enough eyes on something you are bound to catch bugs and problems.

Debian holds back because its primary goal is to be stable, reliable and consistent. It has been around longer that pretty much everything else and it can run for decades without issue. I read a article about a university that still had the original Debian install from the 90's. It was on newer hardware but they just copied over the files.

[–] [email protected] 2 points 8 months ago

Lots of eyes is not enough. As I mentioned earlier, there are many popular programs found on most machines, and some actually user facing (unlike xz) where vulnerabilities were caught months, years, and sometimes decades later. xz is an exception, not a rule.

[–] [email protected] 1 points 8 months ago

I was running 12 stable on a machine that had been updated and upgraded in between the time when the backdoor was introduced and when it was discovered. At no point in time did either dpkg query or the self report show that system had the affected 5.6.0(?) version.

Stable had versions of xz that contained commits from the attacker and has been walked back to before those were made out of an abundance of caution.

There’s a lot of eyes on that software now and I haven’t seen anyone report that versions between the attacker gaining commit rights and the attacked version were compromised yet, as you said though: that doesn’t mean it isn’t and vulnerabilities have existed for many years without being discovered.

As to whether it’s a good argument, vulnerabilities have a short lifespan generally. Just hanging back and waiting a little while for something to crop up is usually enough to avoid them. If you don’t believe me, check the nist database.

I’m gonna sound like a goober here, but the easiest way to not trip is to slow down and look where you’re going.

[–] [email protected] 1 points 8 months ago (1 children)

If that is a good tradeoff for you, old/broken packages but more trusted, then that's okay. Btw, the xz backdoor was found so quickly it didn't even ship to most distros in use, except for Debian Sid and Arch I think

[–] [email protected] 1 points 8 months ago

I see it as a fantastic trade off. There are some packages I use that need to be more up to date than stable repos and I either install them from different repos or in a different way.

And arch never even had the whole backdoor because they built from source and didn’t include the poison pill binary component from the attacker.

[–] [email protected] -1 points 8 months ago (2 children)

I'm not sure what planet you are on but Debian is more stable and secure than anything I have ever tested. Maybe Debian gets a bad rap because of Ubuntu.

[–] [email protected] 2 points 8 months ago (1 children)

I disagree. Stable, yes. But stable as in unchanging (including bug-for-bug compatibility), which imo is not what most users want. It is what server admins want though. Most newbie desktop users don't realize this about debian based systems, and is one of the sources of trouble they experience.

Debian tries to be secure by back porting security fixes, but they just cannot feasibly do this for all software, and last I checked, there were unaddressed vulnerabilities in debian's version of software that they had not yet backported (and they had been known for a while). I'm happy to look up the source for you if you're interested.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

Show me a source. I run Debian everywhere including production critical systems. I've never had an issue

Maybe start here: https://www.debian.org/security/

[–] [email protected] 1 points 8 months ago (1 children)

Here's an example:

https://www.reddit.com/r/debian/comments/pgv3wc/debian_chromium_package_has_many_security_issues/

Being able to run a distribution on multiple machines does not mean it is free of vulnerabilities. You'd only know if you're checking CVEs for each package you use.

[–] [email protected] 1 points 8 months ago (2 children)

A reddit post from 3 years ago is not valid evidence

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago) (1 children)

As if Debian has changed fundamentally since then...

[–] [email protected] 1 points 8 months ago (1 children)
[–] [email protected] 2 points 8 months ago

Are you able to demonstrate with supporting evidence?

[–] [email protected] 1 points 8 months ago

Why is that? It shows proof of the exact thing I said. If you don't like that it's on Reddit, I can copy paste it here.

If you want more examples, I'm happy to provide them. Here is another example:

https://security-tracker.debian.org/tracker/source-package/linux

[–] [email protected] 1 points 8 months ago

Debian is for sure not more secure than most other distributions/operating systems. (Might be true for what you tested).

Not even mentioning the famous Debian weak SSH key fuck up (ups), Debian is notoriously understaffed to take care of back ports of security patches for everything which is not the kernel/web server/Python etc. (and even there I would not be too sure) and don't get me started on starting services/opening ports on an apt install etc.