I occasionally see love for niche small distros, instead of the major ones…
And it just seems to me like there’s more hurdles than help when it comes to adopting an OS whose users number in the hundreds or dozens. I can understand trying one for fun in a VM, but I prefer sticking to the bigger distros for my daily drivers since the they’ll support more software and not be reliant on upstream sources, and any bugs or other issues are more likely to be documented abd have workarounds/fixes.
So: What distro do you daily drive and why? What drove you to choose it?
I really like immutable distros, and am currently using NixOS. I feel like despite still being relatively obscure, NixOS is a bit of an outlier since it has more packages than any other distro and is (so far) the only distro I’ve used that has never broken. There is a steep learning curve, and I certainly wouldn’t recommend it for non programmers, but it is something truly different than all mainstream Linux distros while being extremely reliable.
Recently started learning NixOS and seems like it’s going to be ridiculously awesome! Documentation doesn’t look to be great in a lot of areas though unfortunately, so might be a while before I really figure shit out.
I probably should try NixOS, but I’m tempted by BlendOS
Repology artificially reduces the number of packages instead of reporting the actual number. Which I find highly dubious because most packages have a purpose. In particular for repositories like the AUR artificially eliminating packages goes against everything it stands for. Yes it’s supposed to have alternative versions of something, that’s the whole point.
If there wasn’t for this the ranking would be very different. Debian for example maintains over 200k packages in unstable.
void boots fast on rather old or very low powered copmuters :3
Also on modern firebreathers.
I like runit better than systemd, the packages are current, and it has most of what I want in the main repos.
I also found the documentation excellent in thst it’s a cohesive list of real-world topics rather than a 500-km-deep wiki or forum archive.
I should try a modern Slackware one day. I loved it back before I had broadband and just ordered a burned CD for each new release, but I should try following -current and the Slackbuilds stuff.
Slackbuilds are really nice. Sbopkg lets you download queue files for each program, then automatically install necessary dependencies in the correct order, no matter if they’re available as packages or from source. Unfortunately, Slackware is so bare-bones out of the box that there are still pitfalls. For example, LibreOffice depends on avahi. And to successfully install that, you first need to create an avahi user and group, then install avahi, then write an init script that starts the avahi daemon and another one to stop it on shutdown.
-Current is much too active for my personal taste. I run Slackware because I’m a lazy Slacker.
The laziest approach to Slacking today is to install the default full install, then do:wget https://github.com/sbopkg/sbopkg/releases/download/0.38.2/sbopkg-0.38.2-noarch-1_wsr.tgz #Download the Slackbuilds helper Sbopkg slackpkg install sbopkg-0.38.2-noarch-1_wsr.tgz #Install it sbopkg -r #Sync its local repository to Slackbuilds sqg -a #Build queue files (dependency info) for the repository sbopkg -i flatpak #Install Flatpak and its dependencies flatpak remote-add --user flathub https://dl.flathub.org/repo/flathub.flatpakrepo #Add the Flathub repo
I use Linux since 1999 and I’m with you, I don’t like niche distros. I like them to be well supported with many devs in them, and a structure around them. My days of tinkering died already in 2002 (I’m looking at you Gentoo and sia). Since then, I want things to work the way I expect them. That’s why I now use Debian or Mint.
I’m like you, started Linux with v0.99, downloading on floppies at university, installing on 486, installing X11, drivers, etc. It was fun at the beginning, I was young, had time, I was a “LFS” guy, always recompiling everything and all, and it was time consuming, and boring, and slow at the time!!! Then I basically use Debian (Ubuntu, Mint, now MX for 6 years at least) for 20 years… it works, I’m ok with it.
Yes I tried Arch, the low level install, it reminded me of my LFS time, but now I’m an old coot and I don’t have time for this shit 😆
We sound like we have almost identical experiences. Except, while I do have some Debian kicking around, I just love Arch and the AUR. But I mostly use EndeavourOS ( Arch for people who don’t have time for this shit ).
Same. I started off on Gentoo, jumped to Puppy, jumped to Slack, jumped to Fedora, jumped to Arch, jumped to Nix, jumped to Guix, jumped back to Arch, and now I’m thinking Debian is the only true stable upstream linux needs.
Plus I’m sick of tweaking my configs for the N’th time to work on the M’th system. To quote a random side-character in American Dad: “I have painted my children for the last time.”
(I will at some point start playing with BSD’s though, I just know it. And Haiku too once they have decent laptop support.)
Gentoo linux, the main reason is ive tried many distros, which to alot of there credit worked pretty well for 99% of stuff. But like for example bazzite somthing broke upstream to where because of how OCI works and it layers systems. It takes Silverblue and adds alot of packages to become Bazzite and then my repo stripped out stuff i didnt want. But it became A NIGHTMARE when your builds fail and you cant figure out why. And its because of somthing upstream. And you cannot build/update because upstream brokey. And like with NixOS which i still daily on my main rig, but gentoo on everything else. Is really powerful but the immutability gets in your way for some things and it takes alot of time to adapt scripts or troubleshoot. So i ended up installing gentoo on my other computers because they do simple tasks, i dont half to worry about breakage because of snapper and stable channel (at least on the NAS) And its alot of fun to turn a live CD into a OS that has only what you want in it. SystemD or OpenRC, hardened toolchains or normal? And distcc and binhost are S tier
Gentoo is the best!
Build flags are absolute godsent.
Ever wondered how much shit goes into your software? How many packages include blutooth or CD drivers? Well, you would be suprised.
LibreOffice REQUIRES MySQL client (or MariaDB), and you can’t build it without it. Sounds weird? Then you have no idea what happens inside your packages.
On an atomic distro your build environment should be in container, where it doesn’t matter what ships with the base image
I use guix because, while it has a small community, the packaging language is one of the easiest I’ve ever used.
Every distro I’ve tried I’ve always run into having to wait on packages or support from someone else. The package transformation scheme like what nixos has is great but Nixlang sucks ass. Being able to do all that in lisp is much preferred.
Plus I like shepherd much more than any of the other process 0’s
As a nix user, guix looks legit nice but it took me until 2 days ago to actually find community projects made for guix(https://whereis.みんな/) . Sometimes I just wish they used the same store and daemon as nix so that nix packages can work as guix dependencies and vice versa.
(Also major thing stopping me from using guix is I don’t get service types at all, let alone how you’d define your own service :( )
You can use nix alongside guix, it’ll just double-up the dependencies on disk:
services (append (list (service nix-service-type)) %base-services)))Services are, in guix terms, any configuration change to a computer, so creating your own service 99% of the time is just extending
etc-service-typeand creating a variable interface to fill in the config file text yourselfCreating a service as in a daemon of some kind uses shepherd and involves extending
shepherd-service-typeorhome-shepherd-service-typewith your service description, depending on whether the service runs in root or user space.Shepherd service configurations aren’t actually part of the guix spec(https://www.gnu.org/software/shepherd/manual/shepherd.html#Defining-Services), but still use Guile, so you can interoperate them super easily.
It’s important in guix to understand lisp pretty thoroughly, and knowing how to program lisp is still a very useful skill to have so I’d recommend learning it even if you never touch guix.
I daily drive secureblue; or, to be more precise, its
bluefin-main-userns-hardenedimage.“Why?”, you ask. Because security is my number one priority.
I dismiss other often mentioned hardened systems for the following reasons:
- Qubes OS; my laptop doesn’t satisfy its hardware requirements. Otherwise, this would have been my daily driver.
- Kicksecure; primary reason would be how it’s dependent on backports for security updates.
- Tails; while excellent for protection against forensics, its security model is far from impressive otherwise. It’s not really meant as a daily driver for general use anyways.
- Spectrum OS; heavily inspired by Qubes OS and NixOS, which is a big W. Unfortunately, it’s not ready yet.
I would be really interested in a comparison of Kicksecure and secureblue. I’m interested in running one of them myself
Please allow me to link to an earlier comment of mine that goes over this in more length. You may also find it copied-and-pasted down below:
First of all, apologies for delaying this answer.
Disclaimer:
- I’m not an expert. While I try to verify information and only accept it accordingly, I’m still human. Thus, some falsehoods may have slipped through, my memory may have failed me, and/or what’s found below could be based on outdated data.
- Additionally, I should note that I’m a huge nerd when it comes to ‘immutable’ distros. As a result, I’m very much biased towards secureblue, even if Kicksecure were to address all of their ‘issues’.
- Furthermore, for the sake of brevity, I’ve chosen to stick closely to the OOTB experience. At times, I may have diverged with Qubes OS, but Qubes OS is so far ahead of the others that it’s in a league of its own.
- Finally, it’s important to mention that -ultimately- these three systems are Linux’ finest when it comes to security. In a sense, they’re all winners, each with its use cases based on hardware specifications, threat models, and priorities. However, if forced to rank them, I would order them as:
Qubes OS >> secureblue >~ Kicksecure
Context: Answering this question puts me in a genuinely conflicted position 😅. I have immense respect for the Kicksecure project, its maintainers and/or developers. Their contributions have been invaluable, inspiring many others to pursue similar goals. Unsurprisingly, some of their work is also found in secureblue. So, to me, it feels unappreciative and/or ungrateful to criticize them beyond what I’ve already done. However, I will honor your request for the sake of providing a comprehensive and balanced perspective on the project’s current state and potential areas for improvement.
Considerations: It’s important to approach this critique with nuance. Kicksecure has been around for over a decade, and their initial decisions likely made the most sense when they started. However, the Linux ecosystem has changed dramatically over the last few years, causing some of their choices to age less gracefully. Unfortunately, like most similar projects, there’s insufficient manpower to retroactively redo some of their earlier work. Consequently, many current decisions might be made for pragmatic rather than idealistic reasons. Note that the criticisms raised below lean more towards the idealistic side. If resources allowed, I wouldn’t be surprised if the team would love to address these issues. Finally, it’s worth noting that the project has sound justifications for their decisions. It’s simply not all black and white.
With that out of the way, here’s my additional criticism along with comparisons to Qubes OS and secureblue:
- Late adoption of beneficial security technologies:
Being tied to Debian, while sensible in 2012, now presents a major handicap. Kicksecure is often late to adopt new technologies beneficial for security, such as PipeWire and Wayland. While well-tested products are preferred for security-sensitive systems, PulseAudio and X11 have significant exploits that are absent from PipeWire and Wayland by design. In this case, preferring the known threat over the unproven one is questionable.
- Qubes OS: Its superior security model makes direct comparisons difficult. However, FWIW, Qubes OS defaults for its VMs to Debian and Fedora. The latter of which is known to push new technologies and adopt them first.
- secureblue: Based on Fedora Atomic, therefore it also receives these new technologies first.
- Lack of progress towards a stateless[1] system:
Stateless systems improve security by reducing the attack surface and making the system more predictable and easier to verify. They minimize persistent changes, impeding malware’s ability to maintain a foothold and simplifying system recovery after potential compromises. While this is still relatively unexplored territory, NixOS’s impermanence module is a prominent example.
- Qubes OS: There’s a community-driven step-by-step guide for achieving this.
- secureblue: Based on Fedora Atomic, which has prioritized combating state since its inception[2]. Its immutable design inherently constrains state compared to traditional distros, with ongoing development promising further improvements.
- Deprecation of hardened_malloc:
This security feature, found in GrapheneOS, was long championed by Kicksecure for Linux on desktop. However, they’ve recently chosen to deprecate it.
- Qubes OS: Supports VMs with hardened_malloc enabled OOTB, for which Kicksecure used to be a great candidate.
- secureblue: Continues to support hardened_malloc and has innovatively extended its use to flatpaks.
- This paper provides a comprehensive (albeit slightly outdated) exposition on the matter. Note that it covers more than just this topic, so focus on the relevant parts.
- Colin Walters, a key figure behind Fedora CoreOS and Fedora Atomic, has written an excellent blog post discussing ‘state’.
I have definitely read this answer before. I think we’ve probably already spoken on the matter. Indeed, Lemmy has a serious dearth of users interested and using secure distros over the averages. Thanks for your efforts; I do not know how to follow users on Lemmy but if I did I’d follow you. Do you have a blog/any other forum you’re more active on?
Personally, I find it difficult to justify the time to learn Secureblue (especially the immutable part) or NixOS on Qubes because custom DispVMs with curated salt states work so well already. I’m interested in use-cases that will improve my security but I haven’t found any dialogue on this yet. If you do have opinions on this and know where I can look, I would greatly appreciate it!
I think we’ve probably already spoken on the matter.
That’s definitely possible. Unfortunately, I don’t recall it 😅.
Indeed, Lemmy has a serious dearth of users interested and using secure distros over the averages.
It’s definitely better at this than the platform that starts with an “R” and rhymes with “shit”.
Thanks for your efforts; I do not know how to follow users on Lemmy but if I did I’d follow you. Do you have a blog/any other forum you’re more active on?
That’s such a compliment. This is definitely one of the nicest things I’ve read on Lemmy. I really appreciate it.
Unfortunately, I’m only somewhat active on Lemmy. FWIW, consider checking out the following places if you haven’t yet:
- dataswamp.org/~solene
- privsec.dev
- tech.michaelaltfield.net/
And, of course, Qubes OS’ forums.
Personally, I find it difficult to justify the time to learn Secureblue (especially the immutable part) or NixOS on Qubes because custom DispVMs with curated salt states work so well already. I’m interested in use-cases that will improve my security but I haven’t found any dialogue on this yet. If you do have opinions on this and know where I can look, I would greatly appreciate it!
As I’ve previously alluded to, I don’t have any hands-on experience with Qubes OS yet. So, I don’t think I can contribute meaningfully in this discussion. However, IIRC, there are some discussions found on the forums/discussions page for Qubes OS.
Thanks for the tips
whonix?
Whonix is an OS exclusively meant to be used within a VM; at least, until Whonix-Host is released. Therefore, I didn’t include it as it’s not actually competing within the same space; as it can be run on any of the aforementioned systems within a VM. Finally, it’s worth noting that by its own documentation, it’s desirable to do so with Qubes OS.
Very interesting had not heard of this one yet. What are the main advantages of using this, that make it more secure?
What are the main advantages of using this, that make it more secure?
More secure compared to your average distro? Or more secure compared to a specific set of distros? Unless, this is properly specified, this comment could become very unwieldy 😅.
Thanks in advance for specifying!
Sorry, it was a badly formatted question I wrote whilst commuting earlier… I ended up looking the project up to look into the details, seems very promising! I’ll soon be booting Linux into a work laptop and think secureblue might be a very strong contender for this 💪
Aight. I’m glad to hear that that has been resolved. I’d love to hear about your experiences on secureblue, so consider to report back. Finally, note that as a hardened distro, some things might work differently from what you’d expect. So be prepared to relearn a thing or two 😉.
I too prefer big distros, but niche distros are usually big distros with small tweaks in the default config or installed packages. It’s Debian/Fedora/Arch slightly tweaked.
Because Hyprland Arch is the Bees Knees
Declarative system configuration is the killer feature of NiOS. Atomic rollbacks too. Versioning the whole mess in Git, too.
I’d say nix is hardly niche at this point (although I’m biased cause I use it a ton)
There’s even a termux fork these days that runs nix on droid
Not sure if niche, but I use Arco Linux instead of the alternatives like Endeavour, Manjaro, or plain arch.
Why? Its easier to setup than straight Arch. Manjaro was all over the place when I tried it a few years back. Arco, right from the ISO stage, let’s you configure exactly what you want, with a handy guide on their website.
But the thing that keeps me loyal is the excellent community. The maintainer himself responds to most of your queries on telegram / discord (not FOSS reeee) and he’s very active on YouTube as well with no nonsense guides and walkthroughs. Shoutout Eric Dubois
Yeah, Erik Dubois and his YT channel were probably the main reasons I stuck with ArcoLinux for as long as I did, even if I did some hopping and eventually ended up on Fedora (I needed a static release)
Debian, I got tired of things breaking in arch and even in fedora. I learned a lot but in the end, I just got tired of it.
How is Debian a niche distro?
oh, my bad I misunderstood the question 😅
Generally, those people are experienced users that know exactly what they want out of a distro and don’t really need help for anything. Those distros usually do a few things that the user is seeking.
For example, for some people, typing their thesis in LaTeX using emacs is the better workflow. To any average person that sounds insane when Microsoft Word is so easy to use and does the job just fine. But they enjoy it, it works for them, paper gets written, everyone is happy.
Distributions are a spectrum between novice users and expert users. Some people want to put the USB in and be good to go. Some people want a very precise setup for very specific needs.
You may ask, why not start with Ubuntu/Mint/Pop and remove what you don’t like? Well, it’s much easier to start with a blank slate than making one by chopping everything out. For my particular use case, I moved to Arch in big part because I got tired of the mainstream distros getting in my way, and wanted to start the other way around and only install and configure what I want, the way I want it. So Arch for me.
I know experienced users that really don’t care about messing around and are happy with how it runs out of the box and are happy with the development environment provided by something like Ubuntu/Fedora.
And then there’s my box which is a NAS, a workstation, a media PC for the TV, a build server, and a few other things, and it’s all dynamically reassignable. Friend can pick up the controller in the TV room and a GPU gets assigned to it and starts up Steam in Deck mode on the TV, while I can still do my stuff and game on the workstation side for local multiplayer. If the game needs a server, no worries, it’s a kube node, I can temporarily transfer the server locally and back on one of my real servers. Guest needs a PC? Sure, take this monitor and this keyboard, here’s an ephemeral Windows install. Sure, I could probably twist Ubuntu into doing all that, but it’s one hell of a lot easier starting from scratch.
Would you explain better you set-up? At least a reference to the underlaying system. Is it kubernetes?
It’s a Threadripper system which effectively behaves like two CPUs and loads of coree, two GPUs, one dedicated to my desk for the monitors, and the other one can be reassigned freely with VFIO to be a few different things. The TV is connected to that GPU. Storage is all ZFS.
- One VM is a kube node to run stuff on that GPU
- One VM is the media center / gaming stuff
- Technically I have a Windows and Mac VM too but I practically never use them.
When the second GPU isn’t attached to a VM, I can also use it on the host with DRI_PRIME. The host is also a kube node, so I can also run some (modest) AI stuff there too.
The rest is random glue scripts like detecting when the controller connects and shuffling VMs around on that signal. The kube stuff is brand new, half the things are just regular docker compose files still.
I’m looking into trying out kubevirt and see where that goes. The GUI is the only thing left that’s relatively normal on the host and I’d very much like to make that a container and split things up in sort of “activities” so the browser is its own thing, each project is its own thing so I don’t npm install a rat.
Weird someone has a similar setup to mine, its almost exactly the same (one nvidia one amd? Cause that’d be scary).
Feel like its overkill for most folks though lmao
All AMD, RX 570 and Vega 64.
It’s not that rare, I know someone on IRC that’s also doing something similar. I stole the kubevirt idea from him.
I originally built that box to be a VM powerhouse for development, and VFIO was an explicit feature I wanted, that was right before Proton became good and made it unnecessary.
Debian for ages, now Gentoo, Slackware and occasionally Devuan. Not really niche i’d say…
Because i like choice and flexibility.
Linux culture is about freedom of choice and movement. Any project can be forked, tweaked, expanded, or outright overhauled by anybody with the know-how in order to meet specific use cases. And those use cases are often the same as other’s use cases. But in most cases, they are still rooted in the project they forked from. I.E, any guide that applies to Ubuntu is likely going to apply to Pop!_OS or Mint, since they’re based on Ubuntu. So there’s rarely a downside to niche distros, because you can have something that’s close enough to a popular distro but that caters to your unique needs and wants.
For me, for example, I use Nobara. It’s rather niche and in most cases, it either works beautifully for you, or it doesn’t work at all, honestly. But it’s based on Fedora, so any guide for Fedora is likely to apply to Nobara. I get all the benefits of being on Fedora with tweaks and patches that make my gaming experience much more stable. And quite frankly, Nobara has made my rig run the best it ever has.
I wouldn’t say it’s a full on daily, but Bunsenlabs distros. It started out with Lithium because they had a non PAE build and I needed it for an old Pentium M laptop. I ended up really liking it. It’s debian at the end of the day so software support is plentiful. It’s super lightweight. It ran on the pentium m laptop (only 1 gb of ram) without much issue. It’s also baby’s first foray into window managers as it used openbox.
I ended up installing it on my other old laptop that has an 8th gen i7. I’ve been pretty happy with it as a result.
I.have 2 gripes but idk if it’s Bunsenlabs’s fault. I had an nvme ssd that refused to play ball with it, a Samsung PM991A nvme ssd. I couldnt work with it at all. Using gparted to format it was a no go as Gparted would just die. I know that line of ssds is problematic in the hackintosh community. Not surprised that it sucks here. Also trying to disable the lid close is impossible. Tried cli, can’t find my lid close sensor. It might be because it’s a x360 laptop so it’s a lot more complex lid detection wise.
I had an nvme ssd that refused to play ball with it, a Samsung PM991A nvme ssd
Did other NVMe drives work? I wonder if it’s using an outdated NVMe driver… Was the kernel old?
I honestly haven’t tried any other nvme ssds with it because it’s such a pain to install new ones in that computer. It’s a motherboard removed procedure. I have an sn850x that Id want to try with it. It was on bookworm so an updated kernel.
