Title is quite self-explanatory, reason I wonder is because every now and then I think to myself “maybe distro X is good, maybe I should try it at some point”, but then I think a bit more and realise it kind of doesn’t make a difference - the only thing I feel kinda matters is rolling vs non-rolling release patterns.
My guiding principles when choosing distro are that I run arch on my desktop because it’s what I’m used to (and AUR is nice to have), and Debian on servers because some people said it’s good and I the non-rolling release gives me peace of mind that I don’t have to update very often. But I could switch both of these out and I really don’t think it would make a difference at all.
I haven’t tried Bazzite yet, but I feel the same about the other ublue flavours.
I’m the most productive I’ve ever been. Tweaking everything was fun for a few years, but now I just need a distro I can trust, that comes with the tools to do anything.
I see rebases to Bazzite DX are available now. I might give that a go today.
I’m loving bluefin and I really want to go all in on the immutable stuff, but I’m having a hard time being productive on it. The devcontainers experience has been miserable (probably because I refuse to use VSCode and every other editor having poor or no support for it); I also had SElinux fuck me up when trying to build some complex dockerfile from a project at work (something that was supposed to just work took me two whole days of debugging - and I even managed to break bluefin’s boot process when I tried to mess with the SElinux configuration. This one was mostly due to my own inexperience with SElinux, combined with there being a lot less content on the internet about fixing stuff on immutable distros compared to traditional ones).
Honestly, even with VSCode, devcontainers are kind of just ok, at best.
They are very fiddly. The containers keep running when you close VSCode (which makes sense, and sure the resource usage is minimal, but it’s damned annoying) and you have to stop them manually. Meanwhile the commands in VSCode to work with/activate the containers are not super clear in terms of what they actually do.
Oh, what’s that? Need a shell inside the container you’re working in for testing things out, installing dependencies, etc.? Well, I hope you pick the right one of VSCode’s crappy built in terminals! Because if you want to use a real terminal, you are stuck with the crappy devcontainer CLI to exec into the container. A CLI that is NOT up to date with, or even includes, all the commands for devcontainers in the editor (which is what makes working with them in other IDE/editors such a pain in the butt…).
And this gets me…. What? A container I can share with other developers, sure, but it’s very likely NOT the container we are actually going to deploy in. So…
Yeah, I’ve also had a lot of frustrations with devcontainers in Bluefin. I really like what the Bluefin project is doing. The reasoning behind it makes a lot of sense to me. But devcontainers are kind of pushed as the way you “should” be writing code on Bluefin and it’s…. not great.
They do have Homebrew and Distrobox though, which helps a lot. I have ended up doing most of my development work on Bluefin on the host system with tools installed via brew, which is kept separate enough from the rest of the file system to still keep things tidy.
Overall, I think Bluefin is great and it, or something like it, may very well be the future of Linux… but the future isn’t here just yet and there are some growing pains, for sure.
Both podman and docker are on the image, you could just use containers normally without using devcontainers if you want.
Yes! This what I usually do. I will develop on the host using tools installed via Homebrew, then package/build/test via docker.
And to be clear, I really love the ideas behind Bluefin and use it every day. I’ve just kind of given up on devcontainers, specifically.
Yep, I’m with you. Project Bluefin is exactly what I want from an OS. My previous Linux experiences had all been awful UX, having to diagnose obscure issues and copy pasting decipherable terminal commands. Until Bluefin, nothing ever worked straight out of the box.
Bluefin’s main issue right now is a lack of good documentation. Like you, I’ve tried to get devcontainers working and they just don’t.
Not exactly a product from ublue but something in the same line:
Secureblue because of the reasons aforementioned for the ublue images where things are really darn rock solid out of the box AND because Linux is fundamentally behind in security and this project is trying to mitigate some of the big flaws.
I’m asking this because I haven’t tried secureblue: in what ways is Linux behind in security, and what does secureblue do to mitigate that?
And do any of those mitigations negatively impact usability?
Some answers to your first question you can find here: https://madaidans-insecurities.github.io/guides/linux-hardening.html
For the second question about in what ways Secureblue do mitigate that you can find more here: https://secureblue.dev/features
The last question about usability, is very usable. If you use Bazzite you may have a similar experience. It is not like QubesOS that isolate all processes making it even not able to use a GPU.
Thanks! That first link is an excellent resource for a security tool I’m working on. Specifically, gVisor, which I hadn’t heard of, but looks like an excellent way to harden containers.
I may rebase to secureblue from Bluefin at some point to give it a try.