I think I’ve put fedora on at least 4 personal systems and it has never caused an issue. It’s so smooth it’s boring in the best way. Switched to it for daily computing about 4 years ago. I use a minipc as a media server with Arch and turning it on it’s exciting. Just this fucking morning the default configuration decided that my main audio device was a microphone. Lovely. So flexible.
Mint: easy
From my experience of Fedora: would you like to update today? Debian: You’re good bro, no updates today.
I think, a more serious attempt to summarize openSUSE would probably be: Functionality
Debian, Arch, Fedora and such are all weirdly similar in that they focus so much on minimalism. For example, Debian uses
dashas the default shell, which breaks TTYs, but possibly squeezes out a tiny bit of performance, so I guess, that’s worth it…?More accurate i would describe Fedora is:
Adopting Modern features first(Wayland,pipewire,etc Like there is no x mode in most stable Wayland desktops) and only having free and open source Repos(Rpmfusion can be added but its not official and excludes the Kernel drivers).I would hope the Fedora isn’t the only one that cares about security
there are many distros with even better or similiar security as fedora. The least secure ones are Ubuntu and distros based on it, and Debian stable. Even less secure are any inactive distro. But in general, most distros can be hardened, some more, some less. Like i can harden my Android phone similiar to Arch’s level. (yes, i also use custom kernel on my phone, the most secure one for my device)
Nixos: everything everywhere all at once
Good for you there wasn’t an “ease of use” or “intuitive” field.
nixOS is for people who love config files
you don’t even need to know where, you don’t even need to know when. that’s how every it gets
NixOS is from Max Verstappen country not Sebastian Vettel country
for security, use Tails, Qubes, Whonix, or if you want gaming + security, then Bazzite or Garuda
You’re confusing security with privacy. While distros you mentioned are great for preventing ISPs and governments from spying on you (privacy), they’re not really any better at preventing hackers from exploiting your vulnerable web server than fedora (security).
no, Qubes, Bazzite, Garuda were made with security in mind. Containerization, selinux enforcing, hash checks, address space layout randomization is also built in. These are all more secure than Fedora. Qubes for example, uses vm containers to completly isolate every app, so the system is almost impossible to compromise by malware or hacking. Bazzite uses immutable root file system, much like stock android. it may not along well with unix philosophies, but there isn’t really a way for a malicious code to run with elevated privilages or to manipulate system files. Garuda automatically creates snapshota from the system, so if it is compromised, it can be rolled back quickly. Snapshots for external devices or cloud are supported as well. It uses zram compression on swap, this helps avoid data leakages to the disk, so makes sure that after a reboot, every session quits, since data from ram can’t leak on the disk. it also uses firejail and chaotic aur sandboxing. There is a smaller support for secure boot too. So these are all highly secure operating systems. And to some degree, privacy and security overlap each other.
Flexibility translates to unpredictable.
I’ve never had any issues with my Arch install being unpredictable. It has always worked exactly as I expected it to, even though I update it every couple of days.
Do you use your computer for things that rely on specific library versions and functionality?
I’ve been using Arch since 2014. If I could be arsed, I could write you a looooooooong list of regressions I’ve had to deal with over the years. For an experienced Linux user, they’re usually fairly easy to deal with, but saying you never have to deal with anything is just a lie.
My experience with Arch is basically: it’s all very predictable until it isn’t and you suddenly find yourself troubleshooting something random like unexplainable bluetooth disconnects caused by a firmware or kernel update.
What you’ve said is true, though it’s a bit of a trade-off – over the years I’ve wasted so many hours with those “user friendly” distros because I need a newer version of a dependency, or I need to install something that isn’t in the repos. Worst case I have to figure out how to compile it myself.
It’s very rare to find something that isn’t in the Arch official repos or the AUR. Personally I’ve found that being on the bleeding edge tends to save me time in the long run, as there’s almost no barriers to getting the packages that I need.
Did you consider that the problems you have might not be problems that other people experience? I very highly doubt our two systems are at all similar. Your experience is just that, yours, and so you don’t have any right to be arbitor over whether or not I’m lying.
It has always worked exactly as I expected it to
Just expect it to break, then it will behave as expected taps head
Well I set up automated timeshift on btrfs, so maybe that’s why it’s playing nice.
imagine if you update it after 2 weeks. Arch is okay, if you keep backups. otherwise, you are basically playing a russian roulette
I don’t like waiting that long, because sitting for an hour while it recompiles everything that updated is annoying. I like the daily or so updates that only take a couple minutes.
What? I love Arch, it’s so god damn stable and fast.
absolutely not. look at nixos.
Once i get another machine to dick around on ill try installing arch.
i started learning about linux 4 months ago. Installed Arch with archinstall pretty easily to a VM, it booted up no problem. But you have to manually install the desktop, if you want a gui (who doesn’t lol). But there are many desktops for Arch, the most common ones have pretty good documentation. But if i were you, i’d experiment with some more niche desktop emviroments
I haved used many distros and DEs. my favorites are keyboard driven like i3 and such. For now i use fedora because i needed something to work out of the box. I would like to stay in the terminal.
i tried lxqt and gnome. those were disappointments. And i used kde and cinnamon too, those are good
Nice i like lxqt but dont use it currently
Just use kvm/qemu and install it. When I want to play with detailed setups I install slackware and start configuring/compiling.
yeah i could do that. When i installed it i had a problem booting logging in, it wouldn’t goto the DE.
When you run OpenSUSE, you can feel it was made by Germans.
The installer is a beautiful example of German engineering.
The package manager is a perfect example of German over-engineering.
If you run it with KDE, you have 2 redundant GUI admin tools for every config in the system, and 4 for setting up printers.German engineering.
Thank you for the nostalgia
Yeah that sounds like a typical BMW engine layout.
It’s amazing how OpenSUSE got my laptop’s valve covers to leak oil.
Sees “Germany”
Die Kommentarspalte dieser Pfostierung befindet sich ab sofort im Besitz der Bundesrepublik Deutschland meine Kameraden!
Ahoi, Genosse! Wie läuft die Germanisierung? Verbreiten Sie erfolgreich das Wort von Linux in Ihrem Heimatland?
(Übersetzung von DeepL)
Ohhh ich spreche auch Wurst. Wie geht es ihnen mein Herr, toetet den fuehrer und benutzt Linux statt Fenster.
Wir sprechen Kraut, bitte sehr.
Somehow, I feel called out.
I mean, I’m on Debian and I’m on the same install instance I’ve had for almost four years now. I’m constantly reading about how some of you people keep hosing your other distros with a normal update…
Four years? Some rookie numbers you got there.
Maybe they mean four year uptime…
Some of us were riding Windows 7 into the ground, specifically when Steam stopped supporting it.
- Recent Ubuntu convert, even more recent Debian convert
Real. Though sometimes running a recent version of something is a real challenge, unless it ships in appimage. If it’s a small program you can usually backport the package from unstable or just build it yourself, but if it depends on some rust or js libraries or whathaveyou you have to do so much crap you might as well just be running trixie
Couldn’t Distrobox get you through that?
Sure, but honestly I hate the idea of having different runtimes. That’s the reason why I like neither snaps nor flatpaks.
Fedora 41 is now the ‘wait 45 seconds every boot because you don’t have a tpm chip’ version.
What’s wrong with your Fedora installation? Mine doesn’t do that (also without a TPM chip)
Fedora shouldn’t be touching the TPM at all
Can i get some context please? My fedora install wasn’t using TPM, i had to manually configure it; i haven’t noticed any difference in boot speed with or without TPM encryption
Why wouldn’t you just use a password?
I want to have data-at-rest encryption, so that the only password i need to insert is my user one, this allows me to not have to type passwords multiple times. If i had the regular encryption password i would have to enable autologin in SDDM, which would do away with the encryption on kdewallet and all my credentials.
Plus i also enable secureboot, and use fedora kinoite, so that i is hard to tamper with my boot stuff without my TPM wiping itself off my encryption password, this gives me a very Bitlocker-like setup, but without the shittiness of having my encryption keys linked to microsoft’s terrible encryption system and user accounts, i can actually control my stuff like this. For a laptop, i must say data-at-rest encryption is a must!
This setup gives me multiple security layers; took my laptop off me -> booted my laptop, faced with user password -> tried to boot another OS, TPM wiped itself, no more encryption key -> computer now asks for encryption password, has to find a way around LVM2 encryption -> LVM2 encryption (somehow) defeated they must now crack my user password, or have to (try) to decrypt my credentials on the file system itself; after all these convoluted and extremely hard steps i think we can agree this person really deserves to have access to my cool wallpapers
Secure boot and TPM aren’t known for there robust security. In fact, I’d wager that your machine is probably vulnerable.
Or for that matter, it is possible that your secure boot keys have been leaked or that your TPM is vulnerable to sniffing.
that’s annoying. my laptop has TPM and i also encrypted the disk
Fedora is security? I mean, don’t get me wrong, I love it, it’s my daily driver after trying just about every distro under the sun, but I would’ve figured something like Qubes would stand head and shoulders above it.
One of the few with SELinux by default
Outside of everything else that has MAC enabled by default. It doesn’t even ship with a Firewall.
Fedora has firewalld by default but in the desktop version all ports are open by default. Pretty sure the server version only has ssh and cockpit exposed by default
I haven’t looked around that much in years beyond NixOS, what else has MAC by default these days? I remember a lot of the Debian based ones having some things constrained by AppArmor, but I personally prefer SELinux and it wasn’t everything.
I don’t know if it ships with a firewall, but that’s definitely easier than an ad hoc SELinux setup. I always just transfer my iptables (nftables now) rules over.
Maybe Fedora Atomic?
I mean, image based (immutable) distros are quite a bit more secure than regular ones, and Fedora Atomic (Silverblue, Bazzite, etc.) is pretty much the only great choice when it comes to those kind of operating systems.
As a Fedora user, I thought Debian would be more secure.
i would say fedora is the “security distro for every day people” kind of distro
Qubes is specialised, whereas Fedora is a general purpose distro with a security focus.
Fedora doesn’t have any more of a security focus than anything else in the industry
It has SELinux, what does ubuntu (for example) has?
Apparmor
AppArmor is great but it isn’t nearly as powerful as SELinux. Way more user friendly though.
It can be but it takes a lot more effort.
SELinux: high bar to entry but extremely power right away
Apparmor: lower bar to entry but much harder to get advanced functionality and control
Yea, but there are also some things AppArmor just can’t do. Although in my experience most aren’t as big of a deal. Things like saying “only processes of this type can bind to port X” for example and much more fine grained control of file or directory actions. Does AppArmor provide kernel module controls?
They both have really bad documentation though :(
