Yes, and that’s the point of Archlinux. It’s nothing special, at least in the way it is configured. You make it special. You build your distribution more or less. You are the opinionated one, not the distribution. I think what people are “obsessed with Arch” is, that you have to manage it yourself and you build it yourself. It is the philosophy that is appealing I guess. In example not much is automated. Stuff is described in the wiki and community and it is expected that you learn the stuff and understand and then do it yourself, instead relying on automated and preconfigured stuff from a regular distro.
On my main system I use EndeavourOS, which is basically Arch, but with some pre-configs and opinions, and comes with some automation tools.
Nobody’s raving about the install, that’s just useful for people who don’t know what makes a Linux distro.
It becomes your personality after a few years because every update might break anything, and you need to regularly maintain random shit. Also if you forget to update regularly, the chance of everything crapping out rises exponentially.
I hope you’re using something like btrfs, because rollbacks are a must.
Not mine but from me and it sucks a little. I had a great pair of safety boots, very understandable that they would go missing. I don’t have a locker as I don’t need one, still a little surprised they went missing.
I always wonder whats up with people who steal shoes. Like, do you really fit them though? Wearing the wrong size fucks you feet up one way or another. So what all are they thinking there?
But also, work shoes are hellllluhhh expensiveeeee! I mean, when they're good. Or they can be absolute dog shit (but do what they've gotta do) and be cheap. But a good pair, I could see someone eyeballing. But when you show up to work in someone's shoes how do you explain you're not a premium fuck-face magee!?
Which btw is the reason many people ended up with Archlinux… after the x-th time looking up some configuration issues on another distro and landing there.
The Arch build system is just as impressive IMO. I’ve written Debian and redhat packages for at least two decades and Arch packaging is just so much easier to handle. The associated tooling for creating and managing build chroots is excellent as well.
Now actually use it for a couple of years. Then you’ll see whats special about it.
For me personally, Ubuntu was breaking on every dist upgrade, the software was always out of date or not available in the repos. Been running arch for 5 years, same install, even transplanted it over to newer computers without issues. When some package is missing, I can throw together a PKGBUILD with chatgpt and put it on the AUR for others to use. It fucking rocks and is extremely sturdy while allowing me to do with it whatever I want.
But yeah, besides that, it’s just a linux. The individual things it does well are not even exclusive to arch. Ideally, you should not think about your OS at all and it should be out of your way, while you do something on it.
Any major Linux distribution has a system for building packages, it’s not something special to Arch. In fact, Arch’s great advantage of the aur repository actually becomes a disadvantage by introducing instability and insecurity into your system when you add programs from that repository. It’s amazing that people criticize Windows security with .exe’s and then install packages from external repositories with the security of “trust in the repository”. How can you trust code with root access to the system just because it’s in the aur repository? That’s the main question I would ask Arch users.
It’s a choice. We know that it’s riskier to use stuff from AUR. Which is why it’s highly recommended to read the PKGBUILD before installing the package. The basic Arch install doesn’t even include an AUR helper. That said, AUR is typically very reliable for packages with a decent userbase. It’s mostly due to the community aspect. Bad actors are caught relatively easily as the PKGBUILD is available to look at.
Any major Linux distribution has a system for building packages
I have built packages for all the major ones. Non arch packages are a pain to build and I never want to do it again. In contrast arch PKGBUILDs are quite simple and straight forward.
How can you trust code with root access to the system just because it’s in the aur repository?
Because you can view the source that builds the packages before building them. A quick check to not see any weird commands in the builds script and that it is going to an upstream repo is normally good enough. Though I bet most people work on the if others trust it then so do I mentality. Overall due to its relative popularity it is not a big target for threats when compared to things like NPM - which loads of people trust blindly as well and typically on vastly more important machines and servers.
It's amazing that people criticize Windows security with .exe's and then install packages from external repositories with the security of "trust in the repository".
As with almost every case of these sorts of comparisons, these are likely separate groups of people holding separate groups of opinions.
I don't use Arch anymore, but when I did I found that the AUR was really useful to quickly install niche applications that would take ages to be approved on to an official repository. Often those would be made by the application developers themselves or members of the community. I would personally vet the packaging script myself, but I'm sure many wouldn't - and that's fine. As with most software, there's some trust involved and often you assume that if you're installing from a reputable repository it's going to be fine. If people aren't vetting the installation scripts and are installing from random repositories, that's really their problem. I'm glad the possibility existed and it's the one thing I've missed in distros I've used since then.
Not sure if sarcasm or actual disinformation. You’re not supposed to trust the aur, that’s kinda the whole point of it. The build scripts are transparent enough to allow users to manage their own risk, and at no point does building a package require root access.
Well there is far less malware on Linux tbf so comparison is not completely accurate. But same caution applies, try to vet and understand what you install. That part is also easier with the AUR as it’s transparent in the packagebuild what it does unlike random exes with closed source. It’s also a large community with many eyes on the code so unless it’s a package with few users then it’s gonna get caught pretty quickly.
That is, you admit that most aur users delegate that function to other eyes instead of auditing the external code they are installing. A user repository outside of the official distribution repository is not a secure means of installing packages on the system, which may have root access to the system and the source code may change with each package update. Do you think that every time there is an update to a package that is not widely used, others will audit the source code for you? For that reason I stopped using Aur and by extension Arch, as their software catalog outside of aur is small.
Your comparison was with random exes on the most targeted, malware infested operating system out there.
Many eyes are always better than no eyes. I’m not saying you shouldn’t vet the code stop misinterpreting but no one knows or catches everything by themselves. That’s why security needs transparency. If it’s as insecure as you’re saying we would have way bigger problems but we don’t. AUR is not as safe as the Arch repository sure, but definitely safer than installing random exes on Windows. It’s a flawed comparison you’re making.
If you’re paranoid you should be on an immutable distro cause xz backdoor was in some official repos. Repo maintainers do not catch everything either it was just a mere coincidence someone caught it(again thanks to transparency & many eyes on code) before mass deployment. Installing anything with root access is a risk. Going online is a risk. But there are ways to mitigate risk. Some security you’re always gonna have to trade for convenience.
I think you’re missing the context. We’re not talking servers here but desktops. Arch is typically used on desktop systems. The threats that face desktops and servers are not the same. Same goes for risk and potential damage. Also please provide a source if you’re trying to debunk “common misconception”.
Makes sense. Do you find that by having the same install for so long (including transplanting it) that you have accumulated a lot of bloat? One of the things I really enjoyed about a fresh install was that I knew there wasn’t a build-up of digital junk files, but with Arch fresh installing every once in a while just seems impractical.
Not in any bothersome way. But if you really want to reinstall often that is valid as well. You can very easily script the arch install process to get you back to the same state far easier than other distros as well. Or you can just mass install everything except base and some core packages and reinstall the things you care about again which almost gives you a fresh install minus any unmanaged files (which are mostly in home and likely want to keep anyway).
I’ve been using Arch for about 15 years or so, and yes, I build up cruft… in my home directory ;-). The system itself is remarkably good at keeping tidy. The one spot to keep an eye on is /var/cache/pacman, as that’s where it stores every package you download before installation and it won’t delete it without you asking it to.
Any new config file will be saved with a .pacsave extension, so you’ll want to keep an eye out for those, but that’s basically it
Most of the junk accumulates in /home and I did a cleaning once, where I got rid of a couple hundred GB there, from stuff that was either already uninstalled or still installed but unused for years.
In the other root directories, I didn’t find much tbh. My / (excluding home) takes up 40GB and I don’t think it was significantly lower years ago as the bulk of it comes from necessary program files.
The main trash you accumulate are config files in you home directory because they stay after the package is uninstalled. And they just sit there not hurting anybody.
Ubuntu installs upgrade well in my experience, unless you add weird and outdated software from external sources. A bit like manually installing pkgbuild files you found on Github. Stuff will break in the same way when dependencies don’t get upgraded.
That said, Arch installs will break when a random library decides to update, and Ubuntu will break years later when you decide to upgrade.
Except for maybe Gentoo, Arch is the most “gets in your way” OS I’ve seriously used. You need to be conscious of stuff like your bootloader configuration, the network manager you use, and sometimes the kind of Bluetooth daemon you’re running, or software may not work or break your boot. It’s pretty easy to use if you install Arch by picking the exact same software you can also find in other distros (i.e. the Ubuntu style grub+systemd+NetworkManager+Gnome set, or the Fedora systemd-boot+dracut+NetworkManager+Gnome set). Following the Arch guide without copying a preexisting software set will make your life very difficult, as I’ve found out.
Yup, Arch is by far the distro I have had the fewest amounts of technical issues with. Yes, you need to know what you are doing or be willing to read docs, but there’s no magical bullshit, maintainer capriciousness and lack of planning happening like I have unfortunately witnessed all too often while using other distros.
Asianometry - “Video essays on business, economics, and history. Sometimes about Asia, but not always.” – One of my fascination is the semiconductor industry and lithography. He tends to produce videos about said topics, and I love it.
tosh show – A breath of fresh air in the podcast scene IMO. Podcast hosted by Daniel Tosh, who has on non-celebrities (and a few moderate celebs but they are a rarity.) More ordinary people with interesting jobs come on and he talks to them and asks questions about what they do. It’s fun and interesting.
Fireship - “High-intensity ⚡ code tutorials and tech news to help you ship your app faster.” —I watch his tech news vids, Code Report, often. He does a great job of producing videos that are informative but also humorous with tech memes, related popular memes, and internet humor mixed into the tech news report.
Undecided with Matt Ferrell - “I explore how sustainable and smart technologies impact our lives. And I try to dive deeper into those topics to provide context.
Topics like electric vehicles, solar panels, and renewable energy that is meant to transition the world off of fossil fuels. Smart home technology that can make our homes not only more convenient, but safer and more accessible. Wearable technology that can track our health and save lives. Or how technology might be invading and breaking down the walls of our privacy.”
Good Work - “Fake business news.” Dan Toomey and the incredibly serious Good Work Investigative News Team plunge into the dark world of business and finance." --Their team does a great job of finding and applying witty humor to their videos. Think if NPR NewHour had a reporter but was witty, humorous, and covered ‘what the heck is going on news,’ and ‘what do they actually do’ topics and job titles.
S3 - “The stories of people working to change the world.” – Think high-tech endeavors that are pushing the envelope closer and closer to a Star Trek future.
I’m a pretty Podman novice guy too but I’m running quadlets since it automatically creates and runs these containers just like the other services would be with systemd. In terms of networking I can usually access to my container via publishing a port and using the PC’s IP where the container is running, and this is the default network that Podman uses initially.
I have a Jellyfin quadlet config, that may help you. I’ve had numerous sufferings to make a working one, but here you go (These 3 files are in ~/.config/containers/systemd/jellyfin):
kbin.life
Newest