I have been tossing around the idea of a little distro hopping. I’m an avid Mint fan. It was my first jump from Windows. I became quite familiar with Mint but felt the want to branch out and went down the rabbit hole (oh my lanta). I like stability and cleanliness. Security by default. Least mental load possible long-term.
I’m currently testing out NixOS. Next will be VanillaOS, 3rd will be Fedora Silverblue. Anyone have good recommendations? Easy backups, stability, security first posture, least maintenance and memory load. I hate getting scattered in symlinks, scripts, and filesystem placing.
I’ve tried going full custom Linux Mint. But AppArmor and Firejail constantly conflict or require manual updating and tweaking to keep up to date with app installs, or general life cycle updates.
The most intriguing aspect of NixOS was that basically the entire configurable system was confined to two files. Infinitely reproducible. I tend to swap laptops or hardware relatively often being on the go or getting good tech deals. Having your entire system in two files essentially is awesome.
What are some pros and cons of different distros? What do you daily drive as a power user? Give me your thoughts and recommendations! Thanks.
Gentoo is secure.
I have never played with Gentoo. I will take a look at it. I never really heard about it much.
Security? Qubes! https://www.qubes-os.org/
Honestly I’d argue Debian stable is the most secure as long as the apps you’re using are getting security hotfixes backported. Since you get all the security fixes and none of the new features that tend to be where new security holes pop up. Combine that with good opsec in general, and you’re basically good to go.
One thing tho. Some people use them interchangeably but is your focus security or privacy? Security being harder for bad actors to exploit something on your system, and privacy being strict control over your data.
Privacy is generally good opsec. This is just for daily use for all things laptop. I focus on security and privacy. But if you’re secure then nobody can get to your private files etc.
Why not test Secureblue instead of Silverblue?
I didn’t know it existed. Whoops. I will definitely check it out over Silverblue.
Fedora’s Anaconda system makes UEFI secure boot easy and ships with SELinux integrated but set to permissive by default. Their built-in network filtering tools are pretty easy but I still just use OpenWRT on a separate device. Silverblue was nice for a few years but I switched to Workstation for a machine with Nvidia hw.
I’ve heard good things about Workstation. I’ve really been distro shopping and that’s the great thing about the Linux and open source community. Having all the options! That being said I think it’s a big part of the lack of cohesive expansion too. Going too wide instead of deep. So projects don’t last unless they’re big. Like Ubuntu or Debian etc.
They all have a purpose. The key is knowing and understanding their primary purposes. Fedora is like the beta of Red Hat. Red Hat is the old paid pro server version. The main sell of RHEL is the zero down time kernel updates, and lots of custom tools. Fedora is the distro to get the Linux Bible (book) and learn SysAdmin for an IT path.
Debian is where hardware support is built and has tons of custom tools to bootstrap new or undocumented hardware.
Ubuntu is built on Debian, but is primarily a smaller scale server option like RHEL. Their main objective is LTS kernels. LTS is usually poorly understood by many users. It means most packages included in the distro are outdated and frozen in time. There are updating exceptions for packages that never break backwards compatibility. The whole point here is that I can write a script in bash, Python or whatever high level language, and build a custom server that can be online and left unattended while getting security updates to remain online while the LTS remains supported.
Gentoo can build everything from source and can reconfigure or modify anything. It is like Arch Linux with tutorial information documented fully and a responsible package manager that does not do regular rsync hardening pop quizzes on the only distro you’ll ever actually boot from backups regularly (Arch).
Nix is for deprecated dependency hell.
Kali or Parrot are for getting your own FBI agent.
Deepin is Chinese, but Tails is for Chinese abroad.
OpenWRT is for embedded Linux, mostly routers, but anything really.
Linux From Scratch is for base chad god bod and Hannah Montana Linux is for memes.
Debian is so old it doesn’t work on very modern hardware… So what are you talking about?
Also Ubuntu is not a “server” option. They do have a server option yes. It is the most used desktop or at least was.
Also I used Arch for ca. 2 years, not once needed to use a backup. Even though I abused the hell out of it.
> Debian is so old it doesn’t work on very modern hardware
Why is it running on my new MSI Katana?
Old kernel = old drivers. It’s that simple… Things might work on a basic level sure. Drivers are baked into the kernel, and when you use a damn old version of it you get old drivers and old hardware support.
Everything works. Even the Nvidia drivers work.
I play Final Fantasy XIV on this laptop with no problems.
Are you insane? Debian is a base distro like any other and runs more hardware than any other. It has all of the bootstrapping tools to get hardware working.
Canonical is a server company and Ubuntu server is literally the product.
Arch is absolute garbage for most users unless you have a CS degree or you have entirely too much time on your hands and don’t mind an OS as your life project. Arch abhors tutorial content in all documentation and therefore dumps users into a rabbit hole regularly. Pacman is the worst package manager as it will actively break a system and present the user with the dumbest of choices at random because the maintainers are ultimately sadistic and lackadaisical. Arch is nearly identical to Gentoo with Arch binaries often based on Gentoo builds, yet Gentoo provides relevant instruction and documentation with any changes that require user intervention and does so at a responsible and ethical level that shows kindness, respect, and consideration completely absent from Arch. Arch is a troll by trolls for trolls. I’m more than capable of running it now, but I would never bother with such inconsiderate behavior.
> I like stability and cleanliness. Security by default. Least mental load possible long-term.
Excellent breakdown of your desires! FWIW, I definitely resonate with these as well.
> I’m currently testing out NixOS. Next will be VanillaOS, 3rd will be Fedora Silverblue.
One simply can’t ignore the fact that these are so-called atomic distros. Which makes a ton of sense considering what you set out for. FWIW, my personal takes on the individual projects are as follows:
- NixOS is pretty excellent. If the epitome of cleanliness is reached with becoming stateless, then there’s simply no other viable alternative.
- For VanillaOS, I feel it has yet to fully realize its promise. Or, at least, hasn’t fulfilled whatever’s required to break into the (relative) ‘mainstream’ for one reason or another.
- Fedora Silverblue has been my daily-driver in some shape or form over the last three years 😅. As such, I’m clearly biased. However, I’d reckon secureblue, i.e. a derivative that goes all-in on security, is actually more interesting for you.
> Anyone have good recommendations? Easy backups, stability, security first posture, least maintenance and memory load. I hate getting scattered in symlinks, scripts, and filesystem placing.
Honestly, with Fedora Atomic and NixOS, you’re already considering the very best at the job. Though, for completeness’ sake, consider looking into openSUSE Aeon as well. While I’d argue the other two are currently more interesting, I wouldn’t want to dismiss it altogether.
Beyond these, we find some other distros that miss something crucial for them to be considered a legit candidate/alternative:
- Guix System can put up a decent fight against NixOS and may even sway you over if you’re into Lisp. Unfortunately, though, it has yet to receive what flakes brought to the table for NixOS. Don’t get me wrong; Guix’ implementation of channels is vastly superior over Nix’ and therefore Guix System doesn’t gain as much from its (to be) flake counterpart. However, with flakes, NixOS becomes pretty smooth sailing. Like, you can just trust it to work reliably. With Guix, however, it can get ugly sometimes. Which can even lead the biggest Guix proponents back to NixOS…
- Kicksecure is another hardened-by-default distro worth mentioning. Sadly, unlike secureblue, it does nothing with atomicity.
> What are some pros and cons of different distros?
This is too broad of a question 😅. If possible, narrow it down to some face-offs you’re particularly interested in. After which I will try to help out if I can. Btw, I ‘found’ this comment that attempts to assign tiers to distros in terms of how they fare security-wise.
> What do you daily drive as a power user?
Without going over what a power user is and/or if I would even qualify as such, I’ve been daily-driving secureblue for over a year now.
> Give me your thoughts and recommendations! Thanks.
At this point, I think both NixOS and secureblue pose as the most interesting candidates for ya. The former peaks in cleanliness, while the latter peaks in security.
Most major distros are fairly secure by default without things breaking (Arch is an exception there, as you have to set that up yourself).
If you want to go extreme there is Qubes OS. But you cannot swap that across systems like you might want to do.
Qubes is good. Not super daily driver friendly. Lots of tweaks needed. I use a laptop like a phone replacement. Banking, apps, messaging, all sorts of usual phone tasks. Also Qubes is too resource heavy on a laptop, it drains the batteries in a couple hours on basic usage. Takes 16 gigs of RAM to run and 32gb to breathe really. Plus 30 ish percent CPU idle roughly on a 12th gen Intel i7.
It’s too heavy to daily, perfect for desktop, just not laptop all day material.
There is Parrot OS Home edition which is marketed as privacy and security friendly.
Parrot is a pentesting setup, it isn’t practical or appropriate as a daily driver.
“Home Edition: Designed for daily use” - from their website
Something tells me it might be practical for daily use.