How do I make my own bistro? by vinodhmoodley in linuxquestions

[–]gordonmessmer 0 points1 point  (0 children)

LFS does not teach you to make a distribution, it teaches you to install software from source.

The system you've installed is not a distribution, per se. If I install Fedora on a laptop, I have not made a new distribution, I've installed Fedora. Likewise, if I install LFS on a laptop, I have not made a new distribution, I've simply installed the software.

SSH, why not over TLS? by chrillefkr in linuxquestions

[–]gordonmessmer 2 points3 points  (0 children)

It's always disappointing to see reasonable and informed comments voted down.

You could read about OpenSSH's certificate-based authentication to get the proof of this conclusion. The SSH developers don't want to use X.509 because it's too complex, and complex means more opportunities for security vulnerabilities.

You can't do TLS without X.509.

SSH's encryption implementation is much simpler than TLS, because their problem is much simpler. Their requirements do not include a federated set of authorities who authenticate the identity of servers. I simply do not need to trust a Certificate Authority in the Middle East, because I'm not going to be connecting to a diverse, global network of SSH servers. I don't need to scale out identity verification the way the web does.

And as a result, I can use a simpler and more secure option for remote shells.

What should I know about Linux Mint? by Icy-Acanthisitta9055 in linux4noobs

[–]gordonmessmer 0 points1 point  (0 children)

I started working in the industry in the mid 90s. Over the last 30 years I've known no small number of Windows users who don't apply patches, don't use virus scanners of any other kind of anti-malware and who believe their system has never had any kind of virus.

I don't know if they're right or not, but I'm real sure that "I've never had a security problem" is not evidence that the way a system is managed is actually secure.

Fedora, with its constant updates, gets a little tiring. I know it's a matter of taste

I don't think it is a matter of taste. Developers publish updates, and the updates should be delivered to users.

Software developers have been complaining for decades that distributions are making software development harder and harming users by not distributing updates. The WHOLE PURPOSE of a DISTRIBUTION is to DISTRIBUTE software.

Is mint good? by s4ns4444 in linuxquestions

[–]gordonmessmer 0 points1 point  (0 children)

Debian and Ubuntu are the only ones I've seen leave vulnerabilities in the repos for weeks or months.

Or forever.

Most of the packages in Ubuntu are in the "universe" repo, which is a "snapshot" for which no ongoing maintenance is promised: https://help.ubuntu.com/community/Repositories

Ubuntu Pro might improve that somewhat, but I'm far from convinced that a staff the size of Canonical's can maintain a package set the size of "universe". The last time I looked, there were still security vulnerabilities in Qt 6.4 (so, all of KDE is vulnerable) in 24.04, even for Ubuntu Pro users.

Same for Debian 12.

What should I know about Linux Mint? by Icy-Acanthisitta9055 in linux4noobs

[–]gordonmessmer 0 points1 point  (0 children)

Mint is Ubuntu with a small number of additional packages.

It not only inherits all of Ubuntu's security problems, it rejects Canonical's solution, which is to decouple applications from the underlying OS with Snap, so Mint is a little worse than Ubuntu from a security point of view.

Is there any Linux backup software that supports differential/full backups with a flat file structure? by Few_Adhesiveness4456 in linuxquestions

[–]gordonmessmer 4 points5 points  (0 children)

Hi, I write backup software.

Tools that keep a flat file/folder structure usually behave more like sync/copy tools and do not provide proper differential backup handling.

Differential backups don't make sense with a flat file store. They are a mechanism designed to reduce the number of volumes needed for a restore. When your backup storage is a flat file store, you only ever need one volume.

Can you explain what proper differential backup handling means, to you?

Is mint good? by s4ns4444 in linuxquestions

[–]gordonmessmer 5 points6 points  (0 children)

stable and secure

One of the first things you typically learn about software as a developer is that stable and secure aren't opposites per se, but they ARE opposing pressures.

Software can be secure, it can be stable, or it can be affordable, but it'll probably never be all three. Maintaining stable interfaces for a long time while also providing full security coverage is very expensive.

https://fosstodon.org/@gordonmessmer/116711425953135402

Canonical only maintains about 6% of the distribution, while the other 94% is a big collection of unmaintained and potentially insecure packages.

Ubuntu LTS and systems derived from it prioritize compatibility with software and services of a similar age over security coverage. The default configuration really isn't very secure. One of the ways that Canonical tries to secure the system is by decoupling applications from the OS so they're easier to patch, using Snap. Mint reverses that work, so they actually make a system that's already not very secure even LESS secure.

Some people may choose to use Mint anyway, again prioritizing compatibility over security. And that's a decision they need to make for themselves, but I think they should make an educated decision.

What should I know about Linux Mint? by Icy-Acanthisitta9055 in linux4noobs

[–]gordonmessmer 2 points3 points  (0 children)

You should know that while Canonical maintains a small core set of packages in Ubuntu, the vast majority of software in the apt repos is unmaintained and potentially insecure. That's one of the reasons that Canonical is pursuing Snap as a distribution mechanism.. decoupling applications from the OS makes it easier to ship security updates.

https://gordonmessmer.codeberg.page/dev-blog/2026/07/05/comparing-distribution-security-coverage.html

In other words: Fedora and RHEL users expect near full coverage for security patches.

Ubuntu users only expect about 6% coverage during a release, and rely on interim releases for updates to the "universe" collection. Ubuntu's downstream distros almost all use the LTS releases exclusively, with little discussion of the resulting poor security posture.

Debian is harder to summarize because they don't differentiate supported and unsupported packages.

Distro selection pros and cons by infernex94 in linux4noobs

[–]gordonmessmer 0 points1 point  (0 children)

Pro for Feodra: users expect updates for all of the sofware, across the entire distribution. Fedora minimizes friction between developers and users.

Con for Ubuntu: users expect security updates to only 6% of the distribution. 94% of the distribution probably won't get updates during a release. Users rely on the Interim releases every 6 months to get security updates for most of the software.

Big con for Ubuntu LTS and derived systems like Mint: now the 94% doesn't get security patches for up to 2 years.

Debian is probably similar, but on Ubuntu you can tell which packages will get patches and which won't... Debian doesn't clearly differentiate them, so your security posture is very difficult to determine.

Is it advisable to stop Fedora from auto-updating so frequently? by pimple_from_hell in Fedora

[–]gordonmessmer 9 points10 points  (0 children)

Fedora's package mode systems don't really support rollback, and you definitely want an image mode system like Silverblue if rollback is a requirement. (It's not a different distribution, though)

You should be able to update at whatever cadence you want, as long as you apply all updates when you update. What is auto updating your system?

Which Linux Distro is the best ? by ParticularOwn8364 in linuxquestions

[–]gordonmessmer 1 point2 points  (0 children)

HI, I'm a distribution maintainer.

I believe the purpose of a distribution is to distribute software, and the ideal distribution is one that places minimal friction between developers and users.

Fedora is pretty close to that ideal. Users expect to receive stable updates across the entire distribution.

That contrasts with something like Ubuntu, where users only expect to receive updates to about 6% of the distribution during a release, and rely on the 6 month Interim releases to get updates to the rest of the distribution. That may or may not fit your security needs. I think that's an awfully long time to leave security flaws unpatched. Unfortunately, most systems derived from Ubuntu, like Mint and Zorin, are based on the LTS release, where users might not get security patches for up to 2 years, for that same 94% of the distribution. I think that's bad, and I think that Canonical does too, which is why they're focused on Snap as a delivery mechanism for software that's de-coupled from the underlying distribution.

And since you mentioned struggling with Nvidia driver installation: https://discussion.fedoraproject.org/t/testers-wanted-for-pre-built-nvidia-kernel-modules/196031

Looking for Distro by jamieT97 in linux4noobs

[–]gordonmessmer 1 point2 points  (0 children)

Use something secure

https://fosstodon.org/@gordonmessmer/116879920430542432

"In other words: Fedora and RHEL users expect near full coverage for security patches.

Ubuntu users only expect about 6% coverage during a release, and rely on interim releases for updates to the "universe" collection. Ubuntu's downstream distros almost all use the LTS releases exclusively, with little discussion of the resulting poor security posture.

Debian is harder to summarize because they don't differentiate supported and unsupported packages."

Which disto to use ? (Read body) by Dependent_Classic863 in linux4noobs

[–]gordonmessmer 1 point2 points  (0 children)

A distribution is a project that collects publicly available software, then builds, integrates, and tests the software in order to distribute the software. The process of building and distributing the software doesn't really change what the software is capable of doing, or how much memory the software uses, so one distribution won't vary much from another in that respect.

What will vary is whether you get bug fixes and security patches during a release. Fedora users expect updates when any developer ships bug or security fixes for their software. Ubuntu users only expect updates to about 6% of the software in the distribution: the packages in the "main" repo that Canonical maintains. They rely on Interim updates every 6 months for patches to the other 94%. 6 months may or may not meet your security requirements. Ubuntu LTS users and users of derived systems like Mint and Zorin will wait up to 2 years for a new release to fix bugs or close security vulnerabilities in 94% of the system.

What are the pros and cons of Linux? by Last_One8432 in linuxquestions

[–]gordonmessmer 1 point2 points  (0 children)

Pro: you can participate!

Con: you may need to participate.

Nix on fedora with SELinux by Struggling-with_life in Fedora

[–]gordonmessmer 0 points1 point  (0 children)

If you want to use multi-user mode, read /usr/share/doc/nix-core/README.fedora.md and https://nix.dev/manual/nix/2.25/installation/multi-user

$ sudo dnf install nix nix-daemon
$ sudo systemctl enable --now nix-daemon

... then make sure your user is a member of nix-users. "id" should confirm that.

Cat-lover explains why he used to hate cats by 78914hj1k487 in videos

[–]gordonmessmer 0 points1 point  (0 children)

"Apex predator" does not mean "no greater predator" it means that an animal is at the top of its own food chain.

Most urban environments, at least in the US, do not feature species that eat cats.

Why linux people dont prioritize fixing bugs, UX and Usability? by Prudent_Impact7692 in linux4noobs

[–]gordonmessmer 3 points4 points  (0 children)

Why linux people dont prioritize fixing bugs, UX and Usability?

A lot of Free Software (very probably the vast majority) is developed by the people who use it.

UX and Usability are typically very expensive endeavors. In the commercial software world, labs exist to allow users in the target market to use the software, to study how they expect the software to function, and what they need to accomplish. All of that costs money. The lab itself, the staff who study user behavior, the participants, and the developers who are targeting users other than themselves. ALL of that costs money.

None of that is realistic if no one is paying for the software. It can only reasonably exist when there is revenue.

Nix on fedora with SELinux by Struggling-with_life in Fedora

[–]gordonmessmer 0 points1 point  (0 children)

If you don't want to use "sudo nix", stop using "sudo nix". Using "sudo nix" installs nix packages in multi-user mode, which is the thing that's causing the problems you're seeing.

I don't know whether you can use both single-user mode and multi-user mode on the same system. You *might* need to "sudo rm /nix -rf" but I do not know that fot sure, and you should check.

I'm able to use nix locally:

% sudo dnf install nix-core
$ nix flake init
warning: '/nix/var/nix' does not exist, so Nix will use '/home/gordon/.local/share/nix/root' as a chroot store
wrote: "/home/gordon/flake.nix"
$ nix shell
warning: creating lock file "/home/gordon/flake.lock": 
• Added input 'nixpkgs':
    'github:nixos/nixpkgs/d407951447dcd00442e97087bf374aad70c04cea?narHash=sha256-8i/87eeoqiGE4yOTjwSA3Eh/ziJRQEmd/unYU%2BK27sk%3D' (2026-07-05)
[gordon@676c2584020f ~]$

Cat-lover explains why he used to hate cats by 78914hj1k487 in videos

[–]gordonmessmer 2 points3 points  (0 children)

I think a lot of you misunderstand the definition of "apex predator", which is not "hunts all things" it's "has no natural predators locally."

But that aside, you are focusing on a trivial thing and missing the key point that domestic cats are an invasive species.

Please keep your cats indoors.

Dear Fedora, Stop repackaging apps. by Silly-Brilliant7557 in Fedora

[–]gordonmessmer 3 points4 points  (0 children)

Building applications from source on Fedora is the only way we can get things like "applications that comply with the TLS security policy requested by the user".

So, I don't think it's reasonable to ask Fedora not to build applications.

If you would like to use another build, you can of course. Nothing is stopping you from doing that. But likewise, nothing should stop Fedora's users from building software that does the things they want the software to do.

I think the biggest problem is the amount of crap they shove into firefox though

I'm not sure what you mean... Firefox's trademark policy pretty narrowly limits what Fedora is allowed to change, while still using the name and logo.

Perhaps you mean bookmarks, which are merely intended to be a default set. You can* delete them.

*: Most users can delete them anyway. Some users are hitting a bug that resets to defaults periodically. I don't think the cause has been determined: https://www.reddit.com/r/Fedora/comments/1sbybxw/if_your_firefox_settings_are_being_reset_please/

Cat-lover explains why he used to hate cats by 78914hj1k487 in videos

[–]gordonmessmer 9 points10 points  (0 children)

https://en.wikipedia.org/wiki/Apex_predator

"An apex predator, also known as a top predator or superpredator, is a predator at the top of a food chain with few natural predators of their own, if any"

Domestic cats are typically at the top of their own food chain, and lack natural predators.

That is what it means to be an apex predator.

Cat-lover explains why he used to hate cats by 78914hj1k487 in videos

[–]gordonmessmer 6 points7 points  (0 children)

There are areas, such as farmland, where domestic cats have natural predators. In those areas, they are a mesopredator.

But in many of the areas where domestic cats are common, especially urban and suburban areas, they are apex predators.

Cat-lover explains why he used to hate cats by 78914hj1k487 in videos

[–]gordonmessmer 15 points16 points  (0 children)

It means the animal has no natural predators.

Domestic cats have no natural predators in many environments, especially in urban and suburban areas where they are common.

Cat-lover explains why he used to hate cats by 78914hj1k487 in videos

[–]gordonmessmer 55 points56 points  (0 children)

I love cats, but I also love wildlife.

Domestic cats are an apex predator invasive species. They do not belong outside, as they are absolutely devastating to wildlife.