What is Reddit's opinion of
Debian?
From 3.5 billion Reddit comments
➔ Debian website
By popularity on Reddit, this Service is:
100 reviews of this app found across Reddit:
This is just reactionary and useless word salat. Like seriously, take two steps back and figure out what problem you are trying to solve in the first place. Than figure out if having that document would be helping with that. Take this bit:
> Individual characteristics, including but not limited to, body, sex, sexual preference, race, language, religion, nationality, or political preferences are irrelevant in the scope of the project and will not be taken into account concerning your value or that of your contribution to the project.
What problem is that trying to solve? None of those things have ever been a problem in any project I have seen. Writing down "These things that never mattered, don't matter" isn't helping anything, it's useless waste of ink.
> Authority or position in the project will be proportional to the accrued contribution. Seniority must be earned.
So if you a really useful person comes along they can't get into an authority position due to not being long enough involved in the project? Not very Meritocratic.
For a good Code of Conduct see Debian. It tells you how to behave, what to expect and gives you a rationale for why. It's a project specific set of rules that tells you the philosophy behind the project is already running it at and things that have proven useful, it's not trying to reshape the community by means of authoritarian rules.
A Code of Conduct needs to be minimalistic and actually address problems a project is having.
New stuff in Debian 8:
- systemd is now the default init system.
- arm64, 64-bit port for ARM machines and ppc64el, 64-bit little-endian port for POWER machines are now supported on Debian 8.
- Gnome 3.14
- Cinnamon & mate-desktop
- You can easily install audio, midi, graphics, video, using the tasksel interface.
- New updated documents including video tutorials.
- More info here.
To be fair, unattended-upgrades is actually a good idea because it only cares about security updates, so this shouldn't take long and afaik it should usually not happen during shutdown.
But I personally think that this makes a lot more sense on a server than on a desktop computer, because of the exposure of the server to the open internet.
Oh, it's not reviewers and reddit that made Intel drop this idea. In fact Debian devs straight out said they refuse to publish this microcode update... and that means no patches to a SHITLOAD of companies and government agencies all over the world:
Heck, depending on how it would be interpreted it would be illegal to use monitoring software on servers. As in - any half decent company must be using something to measure CPU load over time. Now, they would also install this microcode update and see it possibly CHANGING from the original data. It could even make them consider having to buy additional servers if the load increased too much. That's the very definition of "benchmarking".
Intel dropped a ball on that one alright and could possibly find itself under a rain of lawsuits since this would effectively make system administration not compliant with their license terms, that's ONE HELL of a fuck up to fight bad reviews.
No, a lot of people don't like the specific CoC that they introduced (I'm fairly certain nobody would have a problem if they used the Ruby CoC or the Debian CoC) and the baggage that comes with it (the writer of the CoC they chose has a habit of going into GitHub issues and demanding that certain people not be allowed to contribute to a project because of something they said on Twitter, views that specific CoC as a political document, and views it being adopted by Linux as having "won," whatever that's supposed to mean.)
A lot of people use the word "open source" to mean "the source is publicly available."
A lot of people use the word "open source" to mean "complaint with the OSI's Open Source Definition," a document which is essentially the Debian Free Software Guidelines edited to remove specific mentions of Debian.
GP is one of the former group, which confuses everyone in the latter group whose definitions of "open source" software and "free software" are basically the same. (So I've largely stopped using the term "open source," personally, unless the meaning is clear from context.)
Then, of course, there are the people who use "open source" to mean "the same rules about licensing as free software, but describing a profitable business practice and not an ethical ideal," which gets super fuzzy....
Eine für mich verständliche Kritik an dem Linux CoC ist, dass er sehr viel Spielraum in der Auslegung lässt. Das kann dazu führen, dass ernstgemeinte Kritik am Code nicht mehr stattfindet, weil Leute Angst haben, dass ihre Kritik als persönlicher Angriff aufgefasst wird. So etwas lässt sich mMn vermeiden wenn man eine Unschuldsvermutung in den CoC übernehmen würde. (Wie z.B. bei Debian)
The Debian Social Contract. Ubuntu is run by a company, Canonical. They are motivated by profit, and so they make decisions that are not best for users or for free software as a whole.
So their license no longer meets the Open Source Definition
> 5) No Discrimination Against Persons or Groups The license must not discriminate against any person or group of persons.
> 6) No Discrimination Against Fields of Endeavor The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
These came from the Debian Free Software Guidelines
Freedom
Completely serious.
Its not a money thing for me. Money I have. I gladly donate to several Linux projects.
Things like this: Debian Social Contract are the reason I use Linux. I am dubious of any corporate backed OS (including Canonical) and I stick to community based distros. (I would possibly consider Suse, since they cooperate heavily with their community in interesting ways, if the current community based distros did not meet my needs which they do) I've been fortunate to find a distribution tailored specifically to my needs in Solus.
I poked around on Linux (1996 or so with Mandrake) until Windows 10 was released an I read the EULA and looked at the Cortana settings. I haven't since then nor will I ever touch Windows again. Currently using Solus Gnome on my desktop and Debian Stable on my laptops; and always have a Tails live USB drive on me for Public wifi use / encrypted storage.
Very happy with this setup. (EDIT: I could not imagine going back to a traditional Windows style desktop after adjusting to the Gnome workflow. It has definitely increased my efficiency & focus)
I have never had so much control over my computing life as I have now.
Spot on point about Debian's shitty download page. Clicking through several links looking for an ISO for making a bootable USB drive got me here...just a list of files. Do I need all of them? Just one? Several links back there's long-winded a guide that might have the answer buried in it somewhere.
Compare this to Ubuntu, where you can just download the ISO directly from their download page and then use the "Make Startup Disk" tool to install it. Debian would be #1 if they spent some time on their usability.
Yup, there's a new sheriff in town. And her name is Jessie :) On a related note:
- Grab pre-built OpenStack images ready to use here.
- And, you are just an apt-get dist-upgrade away from Jessie! Find how, reading the official installation guide
Even the Debian project leader agrees:
> We should always be asking ourselves the difficult questions such as why the Debian Wiki did not become the much-lauded Archlinux Wiki
You have complete control over your system with pretty much any distro. This isn't something exclusive to Arch. You can choose your window manager, DE, core apps etc. on Ubuntu, Debian, Fedora, and so on.
Similar story with pre-installed stuff. Arch is only more minimal than the default install image for other distros, but most of those other distros also offer very minimal install images. For example: Debian's netinstall for amd64 is ~250MB, compared to Arch's 476MB image. This is only the install image so it doesn't exactly reflect the size of the system once installed, but I hope you get the point regardless.
People who don't understand much about Linux often tout customisation and non-bloat as advantages of Arch, because they don't understand that those points apply to most other distributions as well. In fact, I'd argue that Arch is less customisable than most. It's a shame, since Arch has quite a few actual advantages that people tend to skip over.
Your points about the AUR and the wiki are exactly the biggest selling points of Arch, in my opinion, on top of its bleeding-edge rolling-release nature. Closely tied to the AUR, I also like the package build system - it makes it very easy to compile a package yourself, for example if you wanted to patch it or adjust a compile-time option. It's hard to grasp exactly how great the AUR/wiki are until you switch from Arch to another distro and realise that a once-trivial task has suddenly become a pain, or that the concise and accurate wiki pages you're used to no longer perfectly apply to your system.
Don't undersell Arch as being "the customisable distro" - Gentoo has that title, and even among binary distros Arch isn't as customisable as some. No point giving people misleading information about customisation when there are plenty of real reasons that Arch is awesome :)
“quickly (unlike Debian)” illustrates the pointlessness of the flame-warrior style of distribution advocacy. Debian shipped the updated package on June 5th following the June 3rd vulnerability announcement:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962289#19
The security advisory went out on the 6th, which is the same day as the Arch advisory:
https://www.debian.org/security/2020/dsa-4697
https://security.archlinux.org/ASA-202006-2
The difference is that Debian tries to avoid breaking compatibility within a release and generally backports patches rather than shipping newer versions which change functionality. Whether or not you like that strategy, slagging a pure volunteer open source project really doesn't seem to have an upside for anyone — negativity isn't going to motivate volunteers.
Ever? The bug introduced into the RNG used for key generator one was pretty bad, and came from a Debian patch.
Quite a question, one that I'm not sure can be entirely answered in a reddit comment, but I'll give it a go.
Generally, I'm very disturbed about the lack of diversity in not only Debian, but the free software movement generally (and even more so in STEM subjects). The Debian Women project has helped foster a more welcoming atmosphere in the project and I applaud it for that. We also have a diversity statement.
The main way I'd alter the programme would be to offer more funding, which we now do via an outreach team.
I'm surprised that there's no mention of the official Debian Documentation. Specifically, the administrator's handbook and debian reference are great.
You can find both of them here: https://www.debian.org/doc/
> > > Debian needs to let their "stable distro" user's know what to do with their problems and bug reports. Those go to the distro packager, not to JZW.
We do. We have our own bug tracker, our own documentation on how to report bugs, and our own tools (reportbug) which report bugs directly to Debian. I'm certain we could do a better job, but we've definitely tried to address this problem.
If you (or any upstream) is getting bug reports from Debian users directly, and have specific patches or methods that can be used to mitigate them, we'd love to hear about them. You can even contact me ( or ) directly.
The FSF is the embodiment of all the worst ideas on how to run projects. They micromanage their coders through huge, extremely slow moving committees that work behind closed doors. Technical considerations and practicalities are overruled by prejudice, frail egos and petty politics at every step of the way. The FSF is hostile to most free software projects that are not run by the FSF to the degree that NIH syndrome is celebrated as a virtue.
The FSF created a good license and somehow got the ball rolling which are amazing accomplishments of both vision perseverance, but nearly everything they have done in the last 20 years has hurt the free software movement.
Some examples of how the FSF mismanages things:
Debian makes a point of running on a broad variety of architectures, so I doubt it. See here: https://www.debian.org/ports/.
Ubuntu has always focused on the PC, and because x86 is becoming more and more of a niche thing in favor of amd64, this move isn't too surprising.
> What bits of Linux are replaceable/swappable?
Everything.
From the C library to the init system to the desktop environment.
Everything, in fact, apart from the Kernel. Linux itself.
Because then, it's not a "Linux system"
Swap out the Kernel, and you have a non-Linux system.
Examples of which are:
Debian kFreeBSD
Gentoo FreeBSD
On top of the other steps already mentioned (VPNs and Tor):
Use open-source software (including for your OS). Not because it's better but because it allows for code review by anyone, which makes it more difficult to hide a backdoor or a malicious piece of code. Not impossible by any means, but it's more likely to get noticed and removed.
Don't link your services together. There is little point in using a VPN to protect your privacy if you then use your Facebook account to connect to Spotify, for instance.
Never use the same password for different services (especially for your mail account). Not directly linked to privacy, but if one of the services you use gets hacked at some point it ensures that the hackers (or whoever use the hacked infos) cannot connect to your other accounts.
Get to know the best security practices for your OS. Stuff like Debian has some awesome guides : https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
Kind of related to the previous point: Take some time to understand how firewalls work (especially the one you use). A good (but very strict) practice is to forbid all incoming/outgoing traffic by default, and then explicitely allow traffic from/to the services you trust. A well-configured firewall will get you a long way in terms of privacy/security. Also tools like Wireshark can help you see what's coming in and out of your network.
Stallman level of privacy: use open-source hardware and encrypted communication services (like Tutanota for e-mails). Thought that's very inconvenient in a day-to-day basis.
Edit: also forgot to mention the obvious: disable stuff like Javascript by default in your browser (plugins like ScriptBlock can make this more user-friendly). Your IP address is not the only way to figure out your identity: information like your screen resolution, OS, browser version, plugin combinations... can be used to narrow down your "profile", and Javascript for instance can provide those infos.
!Meanwhile in debian.org: Let's never update our website and keep updating pages that are never going to get linked to in the main page. Perhaps we should also drop the iso images in ftp/http and update the new ones as torrents without seed.
I just don't see why we don't model a Code of Conduct after Debian's:
https://www.debian.org/code_of_conduct
- Be respectful
- Assume good faith
- Be collaborative
- Try to be concise
- Be open
I know this is the copypasta response to the "I'd like to interject" pasta, but that aside, I'm not saying Linux is called "GNU/Linux", but the version of Debian that comes with the Linux kernel is known as "Debian GNU/Linux" (as opposed to "Debian GNU/kFreeBSD").
In this case, it is irrelevant whether your definition of "operating system" refers to a distro or the kernel.
> The combination of Debian's philosophy and methodology and the GNU tools, the Linux kernel, and other important free software, form a unique software distribution called Debian GNU/Linux.
If you want nonfree firmware (required for most modern WiFi) in Debian, you can use a different ISO to install like this one.
One of the Debian project's core aims, listed in their social contract is to remain 100% free. If this doesn't align with your needs, one of the great things about Linux is choice - a distro like Ubuntu makes using nonfree firmware easier. Alternatively, if you want WiFi and free software, you can purchase a WiFi card or USB that can run without nonfree firmware, such as those at ThinkPenguin.
I've used Debian for ~15 years and I have never seen an LSB application. Debian is still going to be compatible with other Linux distributions; there's no reason to change that.
Most likely I am part of a minority with my opinion, but actually I am okay with this; Up to now, it seems to be a responsible way of doing advertisment. I do not oppose advertisment as a whole (although I think most do not work as well as intended, but that's not the topic), I'm against the heavy tracking every advertiser is doing today. That's why I'm using Ghostery and NoScript. But if my browser is locally determining which advertisment will be shown and my privacy is minded, it is a valid way of creating income for Mozilla.
Additionally, it's very easy to turn off these advertisments if people are still concerned:
> Note: if you set DNT=1, it is possible that you may not be receiving Suggested Tiles. You can very simply enable them on the new tab page with the cogwheel. We made the decision to opt users out of all sponsored Tiles experiences if they have DNT=1 quite early on, as we believe that most DNT early adopters are seeking to opt out of all advertising experiences. However, it’s important to understand that no tracking is involved in delivering Tiles.
They actually mind people's position indicated via Do Not Track (sounds to me like this is the first documented effect of DNT).
I'm not really sure how people expect companies giving their product away for free are making money to survive or take up the fight against the "evil" parts of the internet. Yes, you even bought a shirt - That does not feed a developer and their family for long. The Linux ecosystem is based on corporate sponsoring as well, it's not like your OS is just happening. Even Debian, the most community distro, is only working because of its sponsors/supporters. And a lot of innovation pushing forward Linux as a whole is coming from Red Hat and Canonical.
I administer linux and have been using it as my primary OS for ~15 years, and have worked on a bunch of opensource projects. I love them. That being said, the company my friend works for just had some servers compromised by DirtyCow. When they did an audit they found they still had some boxes running Debian 3, which was EOL'd 11 years ago. If you don't enforce an update and patch policy you're eventually going to get comp'd. I'm sure there are old OpenBSD servers out there running vulnerable services as we speak.
Founder of Debian, one of the most popular and one of the oldest GNU/Linux distributions. It's also the most popular GNU/Linux distribution devoted to user freedom.
You don't seem to list any software actually used by distros. Any reason for that?
For example debian uses auto-builder and wannabuild https://www.debian.org/devel/buildd/ Fedora uses Koji https://fedoraproject.org/wiki/Infrastructure/KojiBuildSystem etc.
The package build systems are going to be different than generic CI, but possibly better adjusted to what your want to do.
> Debian is ok, but sometimes they lag behind on security updates
Just in case you didn't know:
> From https://www.debian.org/security/faq#version > > Q: The version number for a package indicates that I am still running a vulnerable version! > > > > A: Instead of upgrading to a new release we backport security fixes to the version that was shipped in the stable release. The reason we do this is to make sure that a release changes as little as possible so things will not change or break unexpectedly as a result of a security fix. You can check if you are running a secure version of a package by looking at the package changelog, or comparing its exact version number with the version indicated in the Debian Security Advisory.
Please consider donating to Debian GNU/Linux!
The easiest method of donating to Debian is via PayPal to Software in the Public Interest, a non-profit organization that holds assets in trust for Debian.
https://www.debian.org/donations https://www.spi-inc.org/projects/
They exclude things like Debian, despite Debian itself meeting their criteria, because Debian makes it easy for their users to install non-free software using the same tools as the distribution itself.
To try and explain with an example, If you install Debian you can then install packages from within the Debian distribution using apt-get install ..... If you then choose to enable non-free repositories, you can install non-free packages such as doom-wad-shareware, also using apt-get. You have to explicitly enable non-free repositories.
Debian tries to make it clear that they are not part of the distribution. But the packages are uploaded by Debian developers to Debian's master FTP and are distributed alongside the Debian distribution packages on the mirror network. They are also versioned specifically for the Debian releases.
An interesting twist on the story: in 2006 Debian decided that the GNU Free Documentation License was non-free, and so much of the GNU project's documentation is relegated to non-free in Debian.
I agree with you mostly, but there are some advantages even with machines that can run Windows:
Linux as an operating system uses much less disk space (around 5 GB at worst, but 1GB if you use a light desktop environment light XFCE). This is especially relevant if you use SSDs and want to use it for your OS as well as your games.
You don't have to buy a new OS version just to get the latest graphics API.
You don't have to reboot your computer after installing updates.
These things might sound minor, but when combined, especially for casual use like an HTPC or laptops, these things make a lot of difference.
EDIT: Changed the install size statement to be reflect a "typical" installation. Although if you're building a pure gaming or HTPC, I would actually recommend to use a light-weight environment like XFCE as that also improves framerates.
It's not that easy, but it also isn't particularly difficult.
do-release-upgrade is an Ubuntu thing. Debian doesn't have a direct equivalent, you are expected to follow Chapter 4 of the Release Notes.
Sid is not stable. If care is taken by watching devel lists you can probably get along by avoiding upgrades when things are broken. Personally I gave up on trying to have the latest. My desire to have new shiny stuff had very little to do with how much newer versions actually improved over old ones for most software.
External repos are no big deal as long as they don't conflict with Debian packages. Add a line to /etc/apt/sources.list or a file in /etc/apt/sources.list.d/. Run aptitude update and you have access to those packages. For Nvidia driver it's generally recommended to use the Debian packaged nvidia drivers.
I'm not 100%, but I think Torvald's reference was in relation to kernel development. Debian's packaging and build systems aren't really tailored for doing development (particularly for core things like kernel, xorg, etc). I would say they are built to get packaging right, and they do that by being rather complicated and obtuse sometimes.
AFAIK binary distribution just means binary packages are distributed as opposed to a source distribution where a machine downloads source and builds the package to be installed.
I like Debian's large software library. Debian packages are usually well made, include good documentation and provide a consistent environment to work in. Debian's social contract outlines things that I think are important to free software and help ensure Debian remains a successful distribution so I feel like I can depend on it for a long time to come.
Sure, it's quite a bad idea, but it happens. Debian OpenSSL, for example, reads uninitialized memory for extra entropy. It caused a pretty well-known security bug back in 2008, too: link.
The Debian philosophy page was my initial reason for going Debian. While some other distros may not be corporate, I just appreciate the way Debian operates as an organization.
Debian stable does not upgrade to newer kernels with new unknown bugs. The bugs you have are known, and you can depend on them not to change during the lifetime of the debian release. This makes debian among the most reliable distos, and why it is used in the most critical applications.
Security issues/bugs get fixes backported to the kernel version in the release. So as long as you have the security repos enabled [1] you are "safe".
If you need support for newer hardware, you can use a kernel from backports [2].
[1] : https://www.debian.org/security/
[2] : https://backports.debian.org
Edit: Forgot to mention that debian stable is where i run critical servers and services. But for daily laptop/desktop use I run debian testing. This allow me to learn and use the next illteration of debian for some years until i need to run them on servers. It is a rolling release, with a laggy periode in front of stable releases. "Testing" may sound scary, but it is very reliable. I have not had any issues running debian testing for over 8 years. And issues in the past was a relativly easy fix.
> TIL I've been doing it wrong sometimes :)
No, no you haven't. This is just /u/cbmuser 's personal opinion.
The Debian project however recommends to always file bugs in the BTS (Debian's but tracking system). If necessarry, the maintainer will forward the bug upstream.
> Don't file bugs upstream
The manual has a section on upgrading from Debian 10 (Buster): https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.en.html
Note that this is definitely overly lengthy. They're extremely robust instructions intended for sysadmins, and contain a lot of additional details that may or may not apply to a basic, home use-case. For most basic users, they likely don't need to do anything more complicated than change "buster" to "bullseye" in their /etc/apt/sources.list file, apply the new format for the security line, and then run "apt update && apt full-upgrade" as root.
See: https://www.debian.org/security/faq#testing
But Ubuntu is not Debian testing, Ubuntu is Ubuntu, so that conclusion can't really be drawn from those observations.. all you can conclude is that Ubuntu haven't updated their package.
https://www.debian.org/ports/powerpc/
"The last supported release for 32-bit PowerPC is Debian 8 ("jessie"). See the release note and installation manual for further information. "
I'm afraid you have to downgrade to make it work properly.
> But why shouldn't that winner be Debian?
I'd argue that it would never be Debian because of their philosophy. Don't get me wrong, I'm not personally against their philosophy of open-source only, but back in the day hardware support was total crap and included quite a few binary blobs, so you needed somebody like Canonical to include the non-free bits to get hardware to work.
I don't think so. The bug became known in in May, 2008, and the Xkcd comic seems to be from February, 2007.
(Cumulus co-founder here)
The X557-AT2 has been a real pain for us and our customers. The good news is that, as you note, it'll all be fixed as of 3.0.
Couple of minor clarifications:
1) While we don't support the FreeScale version of the LY9, we do run on many FreeScale (PPC) platforms, as well as ARM. One of the reasons we based Cumulus on Debian is Debian's great support for many CPU architectures: https://www.debian.org/ports/ That said, it is almost always worth it to pay the few extra dollars for an x86 based switch, since it is easier to get 3rd party (open source or commerical) software on it.
2) Broadcom and Cumulus do native HW L3 routing today. The limitation with Trident2 is that you can do L3 routing, or you have hardware terminate VXLAN tunnels, but not both at the same time. Future chips will be able to do this. Broadcom calls this "RIOT" or Routing In and Out of Tunnels.
https://www.debian.org/security/2014/dsa-2896
Current stable (wheezy) is vulnerable. Old stable (squeeze) is safe.
After installing the patched libssl you must manually restart all affected services. This includes at least Apache and OpenVPN. To get a full list of PIDs using OpenSSL use:
sudo lsof | grep -E "/usr/lib/$(uname -m)-linux-gnu/lib(ssl|crypto)" | awk '{print $2}' | uniq
OpenSSH uses OpenSSL but is not believed to be at risk because it does not use SSL.
According to the advisory, you should consider all SSL keys as compromised. It also says more details to follow.
From: https://www.debian.org/security/faq#contrib
> Q: How is security handled for contrib and non-free?
> A: The short answer is: it's not. Contrib and non-free aren't official parts of the Debian Distribution and are not released, and thus not supported by the security team. Some non-free packages are distributed without source or without a license allowing the distribution of modified versions. In those cases no security fixes can be made at all. If it is possible to fix the problem, and the package maintainer or someone else provides correct updated packages, then the security team will generally process them and release an advisory.
Per "quality and stability", patches generally can't be made to the original source to fix any upstream issues (as might be done for free packages), but otherwise, the usual standards for packaging aren't any different.
I don't care to draw a hard line, but I definitely trust Debian's packages even more than upstream in most cases. Which is not to say they don't make mistakes, but they often catch issues that upstream misses or doesn't care about.
Bingo. My biggest problem with CoCs in the past is the enforcement thereof. I've seen projects devolve into Social Justice bullshit very quickly, but I've also seen other projects that try to devolve into that end up having that be derailed entirely, and things go along quite nicely. Hell, even the Debian project has a CoC, but you don't hear people whining about that nowadays..
Anyways, I have faith the Linux kernel development will be fine. It's too technical and requires too many specialized developers for it to be fully derailed - far too many people that work on it quite simply won't care about the CoC beyond maybe being a little more polite in the mailing lists.
And, if the Linux Kernel gets derailed, whatever. It's all open source, so the developers can drop the project and work elsewhere.
Use the non free images. The official images only provide Free Software.
https://en.wikipedia.org/wiki/Free_software
http://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/
More details about the non free repo etc:
https://www.debian.org/doc/debian-policy/#document-ch-archive
> I am aware that some companies use proprietary softwares and drivers as well but the kernel is free
Actually, no, the kernel usually includes some proprietary blobs, mostly device drivers. There are a few distributions that don't have proprietary blobs in their kernel, and don't distribute proprietary software in their package repositories. The Free Software Foundation has a list that you can read if you want to.
There are a couple of items missing from the list, that the FSF won't include for weird political reasons:
- OpenBSD is an excellent fully-free OS. It is not Linux, nor is it newbie-friendly, but it is fully free.
- Debian is fully-free. It is excluded from their list because it has a documented method to install non-free software. The user has to go to a lot of trouble to enable it, and it's very difficult to accidentally install non-free software. Therefore, I would call it a fully-free distribution.
You would typically remove the backports repo (and other repos besides the main ones, any pinning, etc.) during the upgrade process, you could then add it again after the upgrade should you wish to continue using packages from backports.
FYI the docs on upgrading are well worth reading thoroughly if you want the process to be as hassle-free as possible: https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.en.html
/u/MrTimscampi and /u/nullsum pretty much summed it up.
Jellyfin is and will always remain free software and free in cost, for everyone. I'm strongly opposed to the "open-core" model of FLOSS as well. We also couldn't change the license if we wanted to since we (a) didn't have original copyright, and (b) have no CLA or other mechanism, by design, to prevent every individual from exercising their rights should there be a kerfuffle about this.
Right now it's just a "trust us" combined with "mechanisms to prevent it", but a long-term goal of mine is to write a formal "Jellyfin Social Contract", similar in scope and function to the Debian Social Contract, as well as a project constitution in order to keep it that way long-term. For now, I have no plans to step down or relinquish project leadership status, so my opinions, some would say extremist, on FLOSS remain a guiding force, and the Debian model is my inspiration and guide for how to build a perpetually free project.
> Why is the version of "intel-microcode" package in the stretch-backports repo older than the one in the normal stretch repo?
There was a security update for the intel-microcode package a few days ago. Backports doesn't really get security support, so it can take a while for that newer version to make it to backports.
https://www.debian.org/mirror/ftpmirror
If you use Debian, This is where your computer downloads packages from if you update or install them from the default repository! So when you run "apt-get install x" your computer looks for "x" in this repository. If you use aptitude as your package manager, you can find the address of the repository in /etc/apt/sources.list
I agree with @itsbentheboy, it's smaller that I thought.
What's the problem with this? It literally just says everybody's welcome.
I'm not sure what "salad" means in this context so apologies if I've misunderstood.
I hope they finally get rid of all those insecure WebKit libraries in their repositories when they don't have the resources to maintain them properly.
> browsers built upon the webkit, qtwebkit and khtml engines are included in Jessie, but not covered by security support. These browsers should not be used against untrusted websites. https://www.debian.org/releases/jessie/amd64/release-notes/ch-information.en.html#browser-security
Of course this not only applies to browsers but every other application which uses those libraries, e.g. email clients and rss reader.
Depends on the release you're using, Debian stable (Jessie at the moment) is meant to be stable, so it does not track the bleeding edge of everything upstream, including the kernel.
Debian testing on the other hand has very new versions of all things, including the kernel, but sometimes some combinations of packages can be slightly broken for a while. If you use testing, I suggest also installing apt-listbugs and apt-listchanges so that you get warned of incompatibilities and bugs before you upgrade.
Right. It's unfortunate :/
Don't get me wrong, I do believe there are social aspects that must be improved in our industry. But the way this is unfolding does not invite to actually help that process. Rather the opposite, I now just want to go back to my small OSS projects and keep under the SJW's radar. What a stupid shame. I had no idea so much drama had happened in the past couple of years (say this Opal issue for instance) but I was appauled about the raw attacks the SJW push forward (even though I sympathize with the need to improve things). But worst part was, when I started to look at the GH profiles of most of these folks, they had little project/code activities at all. Of course, they may contribute outside of GH so that's skewed. But still, it was saddening to see folks, who actually provide a valuable service for free, being attacked that way.
I also wonder why the Linux foundation went for that specific CoC when they could have been transparent and at least put options forward (say the Debian one for instance).
I like that it is 'free' first. It isn't partly managed by some company that hides some functionality behind a paywall (eg Redhat/Ubuntu).
I also like APT in that it solved 'RPM hell'. Having a tool that solved dependencies was wonderful. Though almost everything does it these days, when I first used Debian that wasn't the case.
I have had a long history with Debian. Over 18 years now. So I like it because I am very used to it. A long time of usage means I can be pretty productive on it and use it for the things I need to get done.
16.04 is the LTS release. If you want more stable and less buggy than that, you'll have to go with Debian Stable. It will feel familiar because Ubuntu is built with Debian packages.
Where some distros use time to schedule releases (like Ubuntu with the .04 meaning April and .10 meaning October), Debian releases when it's ready.
Check out https://www.debian.org/releases/. In the index, they have information for every release. A release could happen in any month, and any number of years/months could go by between releases.
No set schedule.
I have always thought that Debian Med is a fantastic initiative, especially in some developing countries where free software alternatives in government hospitals could free up some cash for more important things.
It also poses a great opportunity for those in the market of IT consulting to push FLOSS alternatives to the medical sector.
Edit: grammar are hard.
If you use Debian netinst installator, in expert mode, and unselect all options during package selection, you should get just a base Debian install without GUI, any services, etc. This is commonly used as a base for custom Debian installations, in servers, container images.
Debian has been using that naming scheme with GNU/kFreeBSD for a long time because "FreeBSD" means both the FreeBSD kernel and userland, and kFreeBSD means only the FreeBSD kernel.
これだな
https://security-tracker.debian.org/tracker/CVE-2016-0728
だが今回修正されたLinuxの脆弱性はこれだけではない
https://www.debian.org/security/2016/dsa-3448
Debianが公開した5つの脆弱性のうちの1つがこれ
しかし
> この脆弱性はLinuxカーネル3.8以降のバージョンに存在しているといい、PerceptionではLinuxのセキュリティチームに報告するとともに、コンセプト実証(PoC)コードも公開した。
はあ? ダメだろそれは
と思ったら
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
> While the vulnerability has existed since 2012, our team discovered the vulnerability only recently, disclosed the details to the Kernel security team, and later developed a proof-of-concept exploit.
バカヤロウ、POCを作ったのはカーネルチームに報告した後で、POCの公開は脆弱性公開と同時だろうが
この重要な点を間違えている点でITmediaは失格
This is quite shocking. Didn't follow his life but have to respect what he accomplished. Even if you have never heard of the Debian distribution of Linux there is a very high possibility you have visited web sites running Debian servers or one of the many Linux distributions based on Debian.
https://www.debian.org/News/2016/20160105
From the Debian Web Site about page. >Debian was begun in August 1993 by Ian Murdock, as a new distribution which would be made openly, in the spirit of Linux and GNU. Debian was meant to be carefully and conscientiously put together, and to be maintained and supported with similar care. It started as a small, tightly-knit group of Free Software hackers, and gradually grew to become a large, well-organized community of developers and users.
>Since many people have asked, Debian is pronounced /ˈde.bi.ən/. It comes from the names of the creator of Debian, Ian Murdock, and his wife, Debra.
The code of conduct they ended up merging is terrible because it's a blacklist which reels off the trendy social issues of the USA in 2015. It carries too much political baggage:
> We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, age, or religion.
What about nationality, political leanings, social class or criminal history? Whoops, it's fine to discriminate based on things that aren't considered important this specific person.
Debian's is much better and doesn't carry the same political baggage:
> The Debian Project welcomes and encourages participation by everyone.
> No matter how you identify yourself or how others perceive you: we welcome you. We welcome contributions from everyone as long as they interact constructively with our community.
> While much of the work for our project is technical in nature, we value and encourage contributions from those with expertise in other areas, and welcome them into our community.
It's nice that you like Arch, but the differences you cite between the two aren't software but policy. Debian has a social contract which includes a set of Free Software Guidelines (this is what the "dfsg" part of some filenames stands for.) Certain bits of hardware require non-free software in order to work. Debian does not provide these (or any) non-free components in a default install, though it's pretty easy to set them up by hand (as you found out.)
Also, Debian has multiple releases, and different releases have different amounts of delay between upstream and distribution. There's always a tradeoff between having the newest software and having a stable distribution of software. Debian is more concerned with stability than many other projects are, and to make software stable and willing to play nice with other software takes a lot of time and effort on the part of maintainers.
I use Debian partly because it's a social phenomenon of a type I wish to support, and partly because Debian + Debian derivatives are probably the largest set of GNU/Linux installs extant. If you know Debian, you can also support Ubuntu, Mint, etc. Just as if you know Red Hat, you can support CentOS, Fedora, and so on.
It appears I have failed the Before You Ask test xD
I had just finished reading the two articles and moved onto the Debian doc pages, where, under the user manuals section, I found the behemoth Debian Reference textbook - a manual of Debian.
I had not known of it before, and falsely believed that Debian's "manual" was only in the form of the man pages and guides for each of its individual core tools, alongside a tutorial of how to use a terminal beforehand.
I will move to studying this, but will be immensely grateful for any further tips.
Ubuntu is heavily based on Debian, it's the biggest distro governed by the community (instead of a for-profit company), worth reading their social contract: https://www.debian.org/social_contract.
I usually use the netinst from here: https://www.debian.org/distrib/netinst
If you want to install Debian on a laptop you would want to use the nonfree version with firmware blobs (e.g. for WLAN chips): http://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/8.2.0/amd64/iso-cd/
The installer will ask you to select your desktop environment, just choose XFCE when it does so.
https://www.debian.org/doc/debian-policy/ch-relationships.html
>Recommends > > This declares a strong, but not absolute, dependency. > > The Recommends field should list packages that would be found together with this one in all but unusual installations. > >Suggests > > This is used to declare that one package may be more useful with one or more others. Using this field tells the packaging system and the user that the listed packages are related to this one and can perhaps enhance its usefulness, but that installing this one without them is perfectly reasonable.
So basically...install recommended unless you are absolute certain you don't want it and know what the consequences are. "Recommended" is more like "Yes, the package can run without this other package theoretically...but not so sure if it makes sense that way" while "suggested" is more "If you install this package as well you will have additional functionality that might be useful for you"
For example for an archive manager frontend tar, gzip and bzip might be recommended...the frontend would still start without them but couldn't do anything useful. Additional archive packages that can also be handled like zoo or lha would rather be suggested. Of course depends a lot on the package and what the core functionality is.
edit:typos
Jep. Where it goes depends on what MTA is installed and how you configured aliases.
Debian, for example, has Exim installed as default MTA but it's only configured to do local delivery. In that case messages for root will go to /var/mail/root.
https://www.debian.org/releases/wheezy/i386/ch08s05.html.en
But you can also configure the MTA to relay the messages over smtp to another mailserver, so you get them in your personal email account.
Not gonna write out your essay for you but here are two resources:
http://www.gnu.org/gnu/manifesto.html
https://www.debian.org/intro/free
And another: http://www.catb.org/esr/writings/cathedral-bazaar/cathedral-bazaar/
None. SteamOS is Debian that boots directly into Steam Big Picture mode. You can literally just close Steam and use it like any linux.
Consider it just another distro like Fedora, Ubuntu, Debian, SuSE, Arch, etc are.
Neither is more secure than the other.
In order to exploit your machine, people need access, either physical or through the network. Whatever you open up to the internet determines your risk. Being a desktop/workstation I see absolutely no reason to open any incoming ports at all.
I don’t know much about Fedora, but Debian has a long standing reputation of being very secure when it comes to their choice of software versions. The downside is that the packages are somewhat old when a new release is about to hit. Debian usually also patches very fast.
Debian also has tools like the excellent debsecan, and an official manual on securing it.
As for SELinux vs AppArmor, I think SELinux is more capable, but it is very very hard to get it configured correctly, meaning you’ll probably end up with a policy with more holes than you intended. AppArmor is simpler, taking a file based approach, but because of its simplicity, it’s actually easier to configure just right. Both are great, and either one is adequate for most use cases.
This point release updates a bug in the package manager. https://www.debian.org/security/2019/dsa-4371
Use:
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
Did you see this on the linked page?
> This is the changelog for the master branch, the one that is currently in active development. The plain-text version of this document is available here: changelog.txt
> For other branches, the changelogs are distributed with the source,
This is the latest changelog of the 1.0.1 stable branch: https://git.openssl.org/?p=openssl.git;a=blob;f=CHANGES;h=e2edbaf66cca50994bfab80f523e5b5d24d348e1;hb=refs/heads/OpenSSL_1_0_1-stable
For the version number used in debian refer to: https://www.debian.org/doc/debian-policy/ch-controlfields.html#version
Distro bug trackers are open; I go and look at bugs on Ubuntu and Debian from time to time (on projects I work on, not Krita). We get at least an order of magnitude more bugs reported directly to upstream, and the users who report bugs to distros tend to be more technically aware, not less so.
That's especially true for Debian: compare this bug reporting process to opening an issue on Github. Which do you think users will do?
Is there a Debian based distribution that's hardened for use as the server OS for a Tor Hidden service?
I'm familiar with Whonix/Qubes, Kali, ParrotOS, but they all seem to be intended for use primarily as a client/desktop OS, rather than a server OS.
I want to be able to run Wordpress, with everything turned off except for the services required by Wordpress. I also want to be able to run (as a separate site) a Simple Machines Forum.
The Tor project itself seems to make use of debian. Are the automatic hardening scripts referenced here still recommended?
https://www.debian.org/doc/manuals/securing-debian-howto/ch-automatic-harden.en.html
If not, any pointers to the current best practices for securing a Tor Hidden Service server would be welcome.
Thank you!
Debian has lot's of ports: https://www.debian.org/ports/ One of them uses a BSD kernel instead of a Linux kernel.
Not every port has access to the whole repository (not every package has been ported).
Unless you have something very specific in mind, in general the programs available for BSD OSs are available for Linux, see for example: https://www.freebsd.org/applications.html
One thing, Debian GNU/kFreeBSD is nowadays more a proof of concept than an OS for daily use, if you are interested in a BSD OS, it's probably better to go straight to FreeBSD or OpenBSD.
Couple thoughts -
- Don't use unetbootin to write a Debian image to USB. As mentioned below use dd, cp or win32diskimager. unetbootin doesn't handle hybrid ISO images well. See here - documentation specifically says not to use unetbootin :)
https://www.debian.org/releases/jessie/i386/ch04s03.html.en
- Debian's installer won't run from an NTFS partition.
Ugh...
Although that doesn't look like it contains any egregiously bad advice, it's pretty sketchy.
No mention of the release notes. No explanation of why 'stable' or 'jessie' may be preferable. A few "I don't know whether you need to do this, but I did it anyway"s...
Try here instead - it really isn't that long.
https://www.debian.org/releases/jessie/amd64/release-notes/ch-upgrading.en.html
Debian is a safe bet. I'm using Debian testing with just one issue last year (concerning privative Nvidia drivers and a kernel update).
I find Debian testing quite balanced between updates/stability for my needs. You can check current version of packages in Debian branches here: https://www.debian.org/distrib/packages).
BTW, I am a professional software engineer and use this as my main workstation (although I wouldn't choose Debian testing for production environments, of course).
IMHO, the remedy is straightfoward: make the big download button link to the Getting Debian page instead of the netinst ISO. Job done.
Those new to Debian will benefit from the guidance on that page. Anyone so inclined to use the netinst ISO would probably already be familiar enough with Debian to figure out which image they need and where to look.
>I really dont know why some one would still use aptitude
My answer is simple, I used patterns for scripting in the past: https://www.debian.org/doc/manuals/aptitude/ch02s04s05.en.html and I don't find similar powerful functionality in today's apt, at least I am aware of.
However the drama is that I find Aptitude to be no more reliable nowadays.
I think the problem is unetbooting, the debian faq explicitly mentions it. The best way would just to 'dd' the image to a stick but then you already would have to have a linux/unix to do that. https://www.debian.org/CD/faq/#write-usb
You can find out which packages are available in (which version of) Debian here.
> With the change I want to have my system consume less energy and to be faster while using the same desktop environment and apps that I have been using under Ubuntu. I also want the system to be in small in size so my customised distro eats up less storage.
Do you have any reason to assume that switching do Debian will achieve that? Debian is great, but if you're essentially using the same software, I wouldn't expect big differences regarding performance or usage of power or storage.
>You simply cannot provide all the necessary manpower to do proper quality assurance and security maintenance.
And neither can the Debian team: https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#limited-security-support
Yet I don't see you criticizing Debian for those issues. You even lie when someone mentions them, e.g. you claimed that against what your documentation says those libraries are covered by security support, you claimed that Debian wasn't affected by those hundreds of CVEs and in the end upstream is to blame for everything.
No.
The reason those vulnerabilities are not fixed in Debian 8 is because Debian didn't consider it possible to do webkit updates without regressions. The only reason webkit was released with Debian 8 is because it's a dependency of so many apps. [1]
https://www.debian.org/releases/jessie/amd64/release-notes/ch-information.html#browser-security
There's a chance that Debian 9 could be different since webkit2gtk is managed better for distros than WebKit 1 was. Ubuntu at least has been able to successfully update Ubuntu 16.04 LTS from 2.10.9 to 2.12.5 to now 2.14.3.
On the other hand, webkit is a huge blob of code where it's easy for regressions to slip in undetected.
[1] An example of an app removed because Debian Security considers it unsupportable: VirtualBox which currently will not be available in the Debian 9 "Stretch" repositories.
I do so quite often, and I've used Orange Pi PCs and Debian x86 boxes in many commercial applications. Debian's package maintainers do an amazing job of producing the highest quality OS & package archive I've encountered, and they ensure that I won't get sued or have people make claims of copyright infringement against my products thanks to the Debian Free Software Guidelines.
To run into licensing like this in a Free Software project is a huge surprise for me, and is probably going to make me rebase this current project on another SBC since I would rather go with Debian, where I know I'm legally good to go, than pick through another OS and spend hours writing Ansible Playbooks to fix what'll be copyright violations like this. I really do not want to end up in a legal gray area or clearly in the wrong, which thanks to OP's warning (/u/givemsm) I'll be able to dodge, and instead use my time on a more productive project.
Win9x is a bad comparison...it's not a preemptive multitasking system...more just a glorified UI on top of DOS.
So getting down to exactly the win9x specs is really a bit hard on linux if you want a graphical interface (If you can do with just with a shell it's no real problem). But there are several small systems that come pretty close: DSL needs a 486 with 16MB ram, 50 MB harddisk. Debian's minimum requirements for a system with desktop are 128MB RAM and 5GB harddisk space...pretty much comparable to XP.
The lack of 386 support is a compiler problem...gcc doesn't support 386 anymore as far as I know so to make executables that still run on 386 processors you would have to go to very old versions of gcc that most likely can't compile modern programs. So 386 support is really dead...not much that can be done there.
And both examples provide far, far more than windows 95. Maybe you don't remember it...but windows 95 didn't even come with a TCP/IP stack by default. No internet connection without installing additional software/drivers. It also had only one filesystem..FAT. No logging daemons, no usb support...it's easy to forget how little win95 really did.
There is along history between Debian and the FSF. Each of them has criticisms about the other, the relationship goes both ways. The FSF is dogmatic in certain points, and more pragmatic in others, same as Debian, but they disagree on certain details.
For example, Debian doesn't even agree everything produced by the FSF to meet it's requirements for free-software.
So, your argument, which assumes the FSF represents dogmatism against debian representing pragmatism, doesn't really apply.
If you want to know exactly why one won't endorse the other, you'll have to go into a lot of detail about how each one defines and expects things.
But the FSF does endorse Debian without the non-free repos:
>the FSF does acknowledge that Debian's main repository, which by default is the only place packages come from, is completely free
They work together often.
But why? Did you hear me complaining about an bug? I don't think so, I just wanted to warn other users about a potential problem, because I think in the gaming community are some people who will run unstable because of the more recent packages which will potentially give you some more performance.
Until now I was always able to recover from problems I had because of using unstable distributions and was often able to write a bug report that may helped the maintainer/developer of the affected program/distribution. So searching bugs is not my main drive to use unstable, it is more that I like bleeding edge software and don't mind when I get a bleeding nose from using it.
Also I think it is much more likely to find bugs and report them so they can be fixed before they go into the stable branch when you use unstable as your daily driver. And to be honest Debian unstable is not as unstable as the name makes it sound.
Sure I wouldn't recommend unstable to Linux beginners for them is stable.
Quote from debian.org
The unstable distribution is where active development of Debian occurs. Generally, this distribution is run by developers and those who like to live on the edge.