But does that mean you have to completely hide any technical information from your website? Or maybe I'm just too dumb to find it?
What distro is that based on? Indirectly mentioned by saying the Ubuntu apt repo is available.
What's the DE based on? You certainly didn't create a new one. It looks like a reskinned KDE to me.
You mention how fast it is, and that the new release has been optimized for performance. How? Did you fork KDE, the kernel, or apply some clever configurations, or did you get that performance for free because upstream just optimized their code?
How is this different from installing Ubuntu and adding Flatpak and your KDE theme?
Again, first impression is this is a great distro for my mom et al., but for a HN submission I ended up with more questions than answers.
> What distro is that based on? Indirectly mentioned by saying the Ubuntu apt repo is available.
It's based on Ubuntu, for the most part. You get apt and Snap, with flatpak out of the box, now.
> What's the DE based on? You certainly didn't create a new one. It looks like a reskinned KDE to me.
This distro is actually GNOME, with a large handful of shell extensions emulating the Windows look-and-feel.
> You mention how fast it is, and that the new release has been optimized for performance. How?
It's Linux. Even with all of the extras they pack on, memory usage is still under 1gig on most systems, with most also idling under 1% of CPU usage on the desktop. It's by no means the fastest distro I've ever seen, but it's snappy.
> Again, first impression is this is a great distro for my mom
feels like the website was created by marketing department or a used car salesman.
Design makes all the difference and creates real business (and user experience) value.
Is it? With everyone talking about it here how important it is, I get the feeling it is overhyped. There is also not a lot or maybe actually no proof at all these sites became popular because of design. They threw massive amounts of VC money into marketing and networking and ads etc. And next to that they went viral (probably because of the massive amounts of VC money and people in influencer circles egging each other on, for which you can find traces on HN and reddit easily): would be great to see some actual references how you came to say with such certainty this is 'because of design'.
For many, design also refers to how a product solves a people problem, how does it affect people’s lives, what’s it worth ...
People who practice (product) design spend time looking at usage data, talking to people and understanding what the impact of a design change is.
I think most will agree those are essential things for a product to be successful.
But it does also apply to your definition somewhat though: if we were marketing force-fed a solution which made (possibly better designed per your definition) competitors die, is this excellent design (per your definition) or is everyone parroting each other because they had enough cash to 'win the race' and are therefore the new standard? Which has nothing to do with design (even in your broader definition).
Ps. I do agree with you but very much feel that GP is mostly talking about graphical design, which I simply do not think is as important as designers think it is. Compared to most other aspects.
Yes, design adds value, but the graphical aspect (margins, branding, etc) adds less than you think. In my view, given two technically equal systems, design only decides which system users will gravitate towards. Without good design, users will happily use your system, unless they know that there is a better-looking version of the same system elsewhere.
So this makes graphical design mandatory, but in a way that is to a great extent decoupled from value.
(I ask out of ignorance, not pedantry - I'm on Windows which only allows one filesystem choice and I've never felt limited by that)
I'm on Windows too (because professional constraints and bad hidpi support on Linux) after 25+ years on Linux.
I cry everyday because of poor filesystem performance. Don't know if it's due to NTFS, to Windows, or antivirus stuff (Defender which is disabled most of the time). Git operations in particular are very slow.
Any filesystem on a Linux box would feel 10 times faster :(
That's looking at large numbers of files and folders, but we all know that overheads like these tend to come about due to inefficiency at the per-file level scaling up.
Also might be worth checking you've got 8.3 filenames disabled and stripped from existing files (https://docs.microsoft.com/en-gb/archive/blogs/josebda/windo...).
Although in general I must admit I find Linux offers better performance due to less "hidden cruft" running - perhaps the issue is background services like Windows defender (and all the other ones that don't immediately leap out) like you suggest.
EDIT: finally managed to do it by tweaking a register. Weird, my filesystem already contains a mix of files with and without 8dot3names. Will monitor this in the future to see if there is an impact on FS performance.
It strikes me Microsoft struggles with significant legacy across much of their product range, that is holding them back. Between filesystems still supporting 8.3 naming, and client links to AD seemingly assuming that clients are on trusted LAN networks (in 2021), I wonder if their backwards compatibility could be their downfall.
In a competitive market where they weren't quite so dominant, it would be interesting to see if a startup could get good enough API compatibility through WINE that they could offer a commercial "windows replacement" distribution, offering remote management via an AD-compatible interface (that can run zero-trust via SSL, the way it should be designed in 2021).
I tried every Ubuntu release for a few years and we're not there yet. 21.04-beta now almost works except that fractional scaling makes it unusably slow.
I hear there is progress on the proprietary NVIDIA driver side. Maybe 21.10 will be the one...
But yeah, competition could do that so point taken.
Ps. An article made the rounds on HN the other day (can't find it back) that was rather confidently suggesting that it's Defender running in every CloseHandle system call. But it's all an obtuse black box so super hard to actually find out what's going on.
And for those who want to live dangerously, there is even a port of ZFS: https://github.com/openzfsonwindows/ZFSin
Windows/ntfs has (not as good) volume management (dynamic disks) and encryption (bitlocker). But nothing like the snapshot functionality.
In addition to "regular" backups - zfs snapshots can be used in order to present historic data alongside current state.
For any new Linux (or bsd) distribution - I think you really need a special reason not to use zfs.
There are even drivers for windows, macos, bsd - so it's possible to share disks/external drives with a sane fs with encryption support between installations (not sure how stable windows/macos is though).
For dragonfly bsd, they have their own hammer fs with clustering features. For older Linux distros, xfs is well proven tech. And "ext" is of course "standard".
I still believe zfs should be the default for new desktop/server installs.
The one drawback might be memory requirements on embedded systems.
Some other things one may care about even on desktop are compression, corruption detection, and deduplication.
I remember installing Zorin back in 2016 after watching an ExplainingComputers video on it. Brings back the memories ...
My one question is how security is upheld in what seems like a project maintained by a small number of people.
This is a really good question, and one that needs to be asked more. When it comes to distributions, small ones seem to either tend to blindly track their upstream (say Debian or Ubuntu), and add a few custom packages over the top, or go it alone completely, and have to manage all their own distribution and building.
The latter really needs a lot of time spent dealing with CVEs. When a backport of a patch is needed (for a non rolling release distribution), that's effort that smaller distributions can struggle with.
I can't find it just now, but I've seen a table comparing different Linux distributions, and their time in days to ship to users a patch for given vulnerabilities. Some of the bigger distributions were certainly not the best.
In terms of security around software supply chains, reproducible builds are one possible way to do that. Nothing (or almost nothing) is going to stop a rogue developer in the team from adding a malicious patch though.
> Zorin OS is a personal computer operating system designed and promoted for users new to Linux-based computers. (...) The new editions continue to use the Ubuntu-based Linux kernel and GNOME or XFCE interface.
I think here is a repo with all the extra packages that this OS variant has:
So seeing on HN was a shock to me. Recommended for old hardware nonetheless!
And yes, I know Flatpak has some way to go before it actually reaches that goal, but I don't see any other solution to this problem that Linux users in general seem to be happy just pretending doesn't exist.
If not Flatpak, do you have an alternative approach to propose to regular users who just want to be able to run a random application without worrying that it has access to all your information?
Flatpak tries to solve a problem I don't have. I use the packages from the distro (and you trust the distribution, isn't it?), and it provides any software I need.
So I guess it all depends on your requirements.
But I absolutely do not trust any of the software I install from the distribution's repositories. The packager doesn't analyse the code for all the software they add to the distribution, so it cannot be trusted.
Personally, I use Qubes OS, but people who don't still deserve a secure operating system.
I'm very happy with the packages I get from Debian.
Add a bit of common sense, and it is enough for me (and I assume for most people, but hey!).
The solution is to simply not trust the software at all. This is the approach Qubes OS takes, and works really well. Most regular users don't really need to go as far as Qubes OS does though, and application level isolation that Flatpak is trying to achieve is enough.
I don't see how anyone can accept that any random piece of software is allowed to access all your personal files. We certainly don't accept it on mobile platforms (how many posts do we see here about applications that scrape users' contacts?) so why should we accept it on the desktops?
Isolation with gaping holes in it isn't isolation. Most flathub apps have "access to all your information" one way or another.
It's a pain to work with too, and its dependency management results in outdated and handicapped dependencies (like when upstream base images decided to disable vaapi support in gstreamer).
The slapped on app store is feature creep of an extreme degree, and I suspect that's the biggest part of the agenda: side-stepping distro repos.
If you want to make a good sandboxing solution, make it standalone and don't mix distribution into things. Say, AppImage + bubblewrap.
I went through some of the Flatpak applications I commonly use, and none of them had access to all my information. I'm not going to go through all of them, but this suggests that the quoted statement isn't true.
I stand by my original statement that Flatpak is the only system that tries to address this. The fact that you're suggesting two separate technologies in combination confirms this, in my opinion.
- vs code (https://github.com/flathub/com.visualstudio.code/blob/91e589...)
- chromium (https://github.com/flathub/org.chromium.Chromium/blob/1edd4a...)
- sublime text (https://github.com/flathub/com.sublimetext.three/blob/d1f617...)
- obs studio (https://github.com/flathub/com.obsproject.Studio/blob/051f6f...)
The applications above also provide other dangerous privileges, but they pale in the presence of filesystem access.
Examples of applications that have full device access (which is considered insecure and called "not ideal" in the flatpak docs), as well as sharing a bunch of namespaces like network and IPC (meaning these parts are not sandboxed):
- discord (https://github.com/flathub/com.discordapp.Discord/blob/maste...)
- steam (https://github.com/flathub/com.valvesoftware.Steam/blob/beta...)
- telegram (https://github.com/flathub/org.telegram.desktop/blob/beta/or...)
- lutris (https://github.com/flathub/net.lutris.Lutris/blob/beta/net.l...)
Of all the applications I sampled (some by popularity, some random I knew), all gave full device access and disabled network/ipc sandboxing. A significant chunk gave filesystem=host access (not even home, host!).
(I am however happy to see that the number of filesystem=home/filesystem=host manifests seem to have dropped.)
> The fact that you're suggesting two separate technologies in combination confirms this, in my opinion.
Whenever independent tasks need to be accomplished, independent solutions are the superior choice. The alternatives are monoliths and semi-closed gardens.
I actually use exactly zero of the applications you mentioned. The ones I looked at were:
- Spotify - Only access to music and pictures
- Element - Keyring and download. It does get all-devices though which could be a problem
- Signal - Gets access to a bunch of directories such as desktop and documents. This is a bit excessive.
- Tor browser - No access (I wouldn't expect anything less)
- Climaxima - No access, but I wrote that application so perhaps that's a bit unfair
Those are the applications I most commonly use. However, now that I look through the list of applications I have installed, I see some that I'm really disappointed are requesting full filesystem access, including GIMP and Kdenlive.
> Whenever independent tasks need to be accomplished, independent solutions are the superior choice. The alternatives are monoliths and semi-closed gardens.
I don't disagree with this. It's most definitely possible that your proposed approach is better, but as of right now, no one is making that easy (i.e. you need to know what you're doing to benefit from the security benefits).
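An added example, not part of the thread or of Flatpak itself: a small audit of a manifest's `finish-args` for the broad grants discussed in the comments above (`filesystem=host`/`home`, `device=all`, `share=network`/`ipc`). The manifest, app id and function name are constructed for illustration.

```python
import json

# Constructed sample manifest (not copied from any Flathub repository).
SAMPLE_MANIFEST = """
{
  "app-id": "org.example.Editor",
  "command": "editor",
  "finish-args": [
    "--share=ipc",
    "--share=network",
    "--device=all",
    "--filesystem=host",
    "--filesystem=xdg-music:ro"
  ]
}
"""

# finish-args values that leave a resource or namespace effectively unsandboxed.
BROAD = {
    "filesystem": {"host": "entire host filesystem", "home": "entire home directory"},
    "device": {"all": "every device node"},
    "share": {"network": "host network namespace", "ipc": "host IPC namespace"},
}

def audit_finish_args(manifest_text):
    """Return sorted (option, value, reason) findings for broad permissions."""
    manifest = json.loads(manifest_text)
    findings = []
    for arg in manifest.get("finish-args", []):
        if not arg.startswith("--") or "=" not in arg:
            continue
        option, value = arg[2:].split("=", 1)
        # Strip an access suffix such as :ro, :rw or :create before matching.
        target = value.split(":", 1)[0]
        reason = BROAD.get(option, {}).get(target)
        if reason:
            # A read-only mount still exposes every file for reading.
            if value.endswith(":ro"):
                reason += " (read-only)"
            findings.append((option, value, reason))
    return sorted(findings)

if __name__ == "__main__":
    for option, value, reason in audit_finish_args(SAMPLE_MANIFEST):
        print(f"--{option}={value}: {reason}")
```

Narrow grants such as `xdg-music:ro` or a subdirectory like `home/Documents` are deliberately not flagged, which matches the distinction drawn in the thread between scoped access and `home`/`host`.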
Damn, that's bright! Is there a dark mode?
I seriously thought this was a joke. But after seeing the animation I was completely blown away! This is going to change how we interact with computers without a doubt. Wow.