this post was submitted on 05 Aug 2024
435 points (93.8% liked)
Linux
48365 readers
1629 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Now actually use it for a couple of years. Then you'll see whats special about it.
For me personally, Ubuntu was breaking on every dist upgrade, the software was always out of date or not available in the repos. Been running arch for 5 years, same install, even transplanted it over to newer computers without issues. When some package is missing, I can throw together a PKGBUILD with chatgpt and put it on the AUR for others to use. It fucking rocks and is extremely sturdy while allowing me to do with it whatever I want.
But yeah, besides that, it's just a linux. The individual things it does well are not even exclusive to arch. Ideally, you should not think about your OS at all and it should be out of your way, while you do something on it.
Yup, Arch is by far the distro I have had the fewest amounts of technical issues with. Yes, you need to know what you are doing or be willing to read docs, but there’s no magical bullshit, maintainer capriciousness and lack of planning happening like I have unfortunately witnessed all too often while using other distros.
Makes sense. Do you find that by having the same install for so long (including transplanting it) that you have accumulated a lot of bloat? One of the things I really enjoyed about a fresh install was that I knew there wasn't a build-up of digital junk files, but with Arch fresh installing every once in a while just seems impractical.
I've been using Arch for about 15 years or so, and yes, I build up cruft... in my home directory ;-). The system itself is remarkably good at keeping tidy. The one spot to keep an eye on is /var/cache/pacman, as that's where it stores every package you download before installation and it won't delete it without you asking it to.
Any new config file will be saved with a
.pacsave
extension, so you'll want to keep an eye out for those, but that's basically itWhich is a good point to remind people to install
pacman-contrib
and make runningpacdiff
regularly a habit...Not in any bothersome way. But if you really want to reinstall often that is valid as well. You can very easily script the arch install process to get you back to the same state far easier than other distros as well. Or you can just mass install everything except base and some core packages and reinstall the things you care about again which almost gives you a fresh install minus any unmanaged files (which are mostly in home and likely want to keep anyway).
The main trash you accumulate are config files in you home directory because they stay after the package is uninstalled. And they just sit there not hurting anybody.
Most of the junk accumulates in /home and I did a cleaning once, where I got rid of a couple hundred GB there, from stuff that was either already uninstalled or still installed but unused for years.
In the other root directories, I didn't find much tbh. My / (excluding home) takes up 40GB and I don't think it was significantly lower years ago as the bulk of it comes from necessary program files.
Any major Linux distribution has a system for building packages, it's not something special to Arch. In fact, Arch's great advantage of the aur repository actually becomes a disadvantage by introducing instability and insecurity into your system when you add programs from that repository. It's amazing that people criticize Windows security with .exe's and then install packages from external repositories with the security of "trust in the repository". How can you trust code with root access to the system just because it's in the aur repository? That's the main question I would ask Arch users.
It's a choice. We know that it's riskier to use stuff from AUR. Which is why it's highly recommended to read the PKGBUILD before installing the package. The basic Arch install doesn't even include an AUR helper. That said, AUR is typically very reliable for packages with a decent userbase. It's mostly due to the community aspect. Bad actors are caught relatively easily as the PKGBUILD is available to look at.
As with almost every case of these sorts of comparisons, these are likely separate groups of people holding separate groups of opinions.
I don't use Arch anymore, but when I did I found that the AUR was really useful to quickly install niche applications that would take ages to be approved on to an official repository. Often those would be made by the application developers themselves or members of the community. I would personally vet the packaging script myself, but I'm sure many wouldn't - and that's fine. As with most software, there's some trust involved and often you assume that if you're installing from a reputable repository it's going to be fine. If people aren't vetting the installation scripts and are installing from random repositories, that's really their problem. I'm glad the possibility existed and it's the one thing I've missed in distros I've used since then.
I have built packages for all the major ones. Non arch packages are a pain to build and I never want to do it again. In contrast arch PKGBUILDs are quite simple and straight forward.
Because you can view the source that builds the packages before building them. A quick check to not see any weird commands in the builds script and that it is going to an upstream repo is normally good enough. Though I bet most people work on the if others trust it then so do I mentality. Overall due to its relative popularity it is not a big target for threats when compared to things like NPM - which loads of people trust blindly as well and typically on vastly more important machines and servers.
Not sure if sarcasm or actual disinformation. You're not supposed to trust the aur, that's kinda the whole point of it. The build scripts are transparent enough to allow users to manage their own risk, and at no point does building a package require root access.
Well there is far less malware on Linux tbf so comparison is not completely accurate. But same caution applies, try to vet and understand what you install. That part is also easier with the AUR as it's transparent in the packagebuild what it does unlike random exes with closed source. It's also a large community with many eyes on the code so unless it's a package with few users then it's gonna get caught pretty quickly.
That's a common misconception. Linux is the most popular OS for servers. There are a lot of malware for Linux, probably even more than for Windows.
I think you're missing the context. We're not talking servers here but desktops. Arch is typically used on desktop systems. The threats that face desktops and servers are not the same. Same goes for risk and potential damage. Also please provide a source if you're trying to debunk "common misconception".
That is, you admit that most aur users delegate that function to other eyes instead of auditing the external code they are installing. A user repository outside of the official distribution repository is not a secure means of installing packages on the system, which may have root access to the system and the source code may change with each package update. Do you think that every time there is an update to a package that is not widely used, others will audit the source code for you? For that reason I stopped using Aur and by extension Arch, as their software catalog outside of aur is small.
Your comparison was with random exes on the most targeted, malware infested operating system out there.
Many eyes are always better than no eyes. I'm not saying you shouldn't vet the code stop misinterpreting but no one knows or catches everything by themselves. That's why security needs transparency. If it's as insecure as you're saying we would have way bigger problems but we don't. AUR is not as safe as the Arch repository sure, but definitely safer than installing random exes on Windows. It's a flawed comparison you're making.
If you're paranoid you should be on an immutable distro cause xz backdoor was in some official repos. Repo maintainers do not catch everything either it was just a mere coincidence someone caught it(again thanks to transparency & many eyes on code) before mass deployment. Installing anything with root access is a risk. Going online is a risk. But there are ways to mitigate risk. Some security you're always gonna have to trade for convenience.
Ubuntu is plastic
Linux distros are made for using, not teaching. That's what LFS is for: https://www.linuxfromscratch.org/lfs/
How is this relevant? They were talking about how Arch has a great user experience
Replied to the wrong post by accident.
To be fair, I pretty much do that with Windows 10...