When the laptop is from Framework (like OP’s laptop is) and is one of the ‘supported’ distros, and if said distro has a more robust update scheme (related to its immutability), then, quite frankly, its as close to “tailored to your hardware by a team of qualified and paid engineers” as it gets.

Depends entirely on what they do on their device.

If it’s your average user, it should be sufficient for them to know that new software should exclusively be installed through the provided software manager.

Else, they should check if all their software needs are provided by Linux. And also think about which distro would be best for those specific needs. With Distrobox (and Nix) this isn’t as much as an issue as it used to be. But, there’s still software out there (like Davinci Resolve and Waydroid) that doesn’t like to play nice with all hardware and distro combinations.

Perhaps most importantly, ensure it’s a distro with sane defaults for a new user. This doesn’t necessarily mean that everyone should just use Linux Mint. However, it’s better if the chosen distro makes sense for the user.

(CONTINUED)

This second comment only exists because all I wanted to say didn’t fit in the previous one.

So without further a due.

“However, it seems to be less ambitious in scope and vision.”

I will not commit to a rigorous comparison in which their respective PR talks or points related to ambition, scope and vision are mentioned. Instead, I’ll put forward reasons for why I believe this to be the case.

• Fedora has mentioned (two and a half years ago) that they want for Fedora Atomic to be the default. openSUSE has yet to make similarly ambitious statements regarding MicroOS. At best, we’ve Richard Brown (lead MicroOS Desktop) that states that he thinks Linux (or openSUSE) (can’t remember the exact statement) should only be consumed as MicroOS (Desktop). However, this is only the preference laid out by the project lead. This is especially interesting when one considers how much more logical it is for openSUSE Aeon to be the future of openSUSE Tumbleweed compared to Fedora Atomic to be the future of Fedora. Yet, less ambition…
• From inception, Fedora Atomic was very ambitious. The image that represents the system is created from ‘scratch’, layers are applied through rpm-ostree, for the container workflow Toolbx’ inception is materialized. Reproducibility (to a very significant degree) is achieved. And, as mentioned earlier, it can even start boasting about being declarative (to a degree). By contrast, where does openSUSE Aeon stand? It’s only achieved atomicity. That’s it. No mention of reproducibility. No mention of the ambition to be declarative. Nothing. Their commitment to container workflows didn’t even lead to building in-house tooling. Instead, they "outsourced’ it by using an existing solution (first Toolbx and then Distrobox) that was derived (but ultimately became more of a superset) of Toolbx; i.e. Distrobox. Don’t get me wrong; I have preferred Distrobox over Toolbx (and will probably continue to do so). However, isn’t it painfully obvious that one is inferior (in ambition) when its has to rely on tooling provided by the other?
• The debacle of Kalpa. Like, how is it possible that it has remained in Alpha with no positivity surrounding it for over a year. Additionally, there doesn’t seem to be any effort in helping the clearly struggling single maintainer of the project. Meanwhile Fedora Atomic is working on its ARM/Asahi remix and the one with COSMIC as its DE. And, honestly, I wouldn’t be surprised if Fedora releases those two before Kalpa leaves Alpha…
• Container-based, but limited in scope. openSUSE is (as they proclaim) committed to the container-based workflow. However, their base system continues to be one relying on btrfs snapshots rather than OCI or whatever container-based solution is out there. Heck, Vanilla OS and blendOS were using something similar with their original inception; ABRoot for Vanilla OS*. But, somehow, a group of developers from Vanilla OS were able to erect a f*ck tonne of tooling for (effectively) their reimagining of Fedora’s model. Like, how can this group of developers succeed where openSUSE seems to fail? I literally fail to understand. Heck, the same could be said for blendOS that’s headed by a (very talented) teenager. Somehow, even Fedora seems to be more committed to the container workflow. At least, their efforts suggest as such.
• In over two years since I’m on Fedora Atomic, I’ve seen so many developments; it’s actually astonishing. OCI has been adopted for updates. And even bootc has been successfully created to tackle some problems. The ambition is clear. Meanwhile, I just don’t see the same advancements for openSUSE MicroOS. Heck, even YaST, one of openSUSE’s killer features is absent. Why? One of the reasons is because it allows for too much customization… Peculiar. Because I thought that openSUSE’s reliance on btrfs snapshots would allow them to customize a lot more easily. But, unfortunately, this doesn’t seem to be the case.
• Like how all of these efforts are inspired from NixOS, we see that a lot of projects are also inspired by Fedora Atomic. They take over their ways and allow themselves to be inspired by them. Vanilla OS’ maintainers (among others) have basically accepted doing this as well. We don’t see this (to that degree) for openSUSE. The only thing I’ve seen is atomic upgrades through btrfs snapshots. That’s it. It’s unfortunate, but that’s literally it.
• For some reason, MicroOS Desktop was an afterthought until Richard Brown brought it up in 2019. By contrast, at that point, Fedora had released its Fedora Atomic Workstation (what would eventually become Fedora Silverblue) for over a year.

The writing above was a lot more ramble-y and unorganized compared to what I write usually. Blame my aching wrist. Regardless, it should be more than enough. However, if you disagree or if I’m wrong, then I’d love to hear about it.

And, if you somehow believe that openSUSE Aeon is more ambitious than Fedora Atomic, then please feel free to state why you think that to be the case.

Edit: I just noticed how I missed a question:

I am not sure I understand what you mean by:

Consider checking up on where Wayland, systemd, PipeWire, PulseAudio etc first appeared; so on which particular distro.

So, it was meant for you to notice the trend of how new, (r)evolutionary and crucial tech (i.e. software) are first adopted on Fedora. For each one of them, if you look at their respective wiki page, you can check how it’s adopted and from which distro it started out. This trend has been going on for quite some time and will continue to be the case.

Btw, I apologize for the insane info dump 😅.

Thank you for the reply!

Are you referring to use those packages as default?

I don’t understand why this is relevant. But, to answer your question, a modern system should already be on systemd, Wayland and PipeWire unless one has (for some reason) ideological qualms with systemd or if the maturity of Wayland isn’t quite ready for their specific needs.

The “should” used earlier isn’t used as my personal bias or whatsoever. It’s simply the default found on the upstreams projects. GNOME and KDE (the most popular DEs) default to Wayland. PipeWire has become default for at least GNOME (even on Debian). And systemd is the default on almost all Linux systems.

Furthermore, this set of software is not a random set for which Fedora happens to be the first to adopt. In fact, these are crucial parts of how we interact with Linux; these constitute the backbone if you will.

Afaik Fedora OS is not even rolling release

Firstly, no one refers to Fedora as Fedora OS. Secondly, Fedora’s release cycle is often referred to as semi-rolling release. With that, it’s meant that some packages arrive as they come (very close to how rolling release operates). However, other packages only arrive with the next point release. Though, Fedora has its Fedora Rawhide branch that operates as its rolling release branch.

However, the fact that you mention this, means that we have misunderstood eachother. I don’t claim that new versions/updates arrive first on Fedora. I don’t even claim this for any of the earlier mentioned packages. However, what I do mean is that Fedora is the first to adopt these technologies in the first place. So, the first release/version of systemd, PipeWire, Wayland etc was released on Fedora. Then, within months or years, it was adopted by other distros as well.

so I cannot fathom how it has packages earlier than the typical bleeding-edge candidates.

See previous paragraph. And, you don’t need to fathom it; I’m just stating the facts. If you do seek a reason, it’s related to Fedora’s relation to Red Hat and how most of these technologies originate from efforts coming from either Red Hat employees or made possible through their funding. Then, when it comes to testing those things, Fedora acts as their guinea pig. That’s why Fedora is sometimes referred to as Red Hat’s testing bed distro. This doesn’t only come with its positive side, because it may also come with a negative impact to its stability. However, if one is interested in what’s next for Linux, then there’s no alternative to Fedora.

Why are you mixing Fedora Atomic with the regular Fedora Distro?

Because OP actually was in praise of Fedora after using Fedora Kinoite (i.e. Fedora Atomic KDE). And then, you critiqued it (i.e. Fedora) for having no selling points. So, it was rather ambiguous.

Furthermore, Fedora has actually mentioned (for at least two and a half years now) that they intend for Fedora Atomic to be the future of Fedora. So, in a few years of time, what we’ll refer to as Fedora will simply be Fedora Atomic of today. Take note that this doesn’t mean that traditional Fedora will cease to exist. Rather, it will be referred by a different name (perhaps Fedora Classic (but I actually don’t know)).

…how is something like this objectively valid?

Alright, I made a couple of claims:

“It’s also the most mature attempt.”;

First of all, we’d have to properly define what “Nix’ify” even means or what I used it for. So, in the simplest of terms, I meant it as “Taking design elements of NixOS and applying them to an existing product. And then publishing/releasing it as a new product.”

So, basically every distro that’s commonly referred to as ‘immutable’ and that’s originated from or has loose relations to an existing distro applies. Therefore, something like Guix System does not apply; because it’s an entirely new project with nothing that pre-existed it without its NixOS influences. On the other hand; Fedora Atomic, openSUSE MicroOS Desktop and the upcoming Ubuntu Core Desktop definitely do apply. (If the upcoming Serpent OS is “Solus v2” then we can also mention that one here). The addition/admission of distros like Arkane Linux, AstOS, blendOS, MocaccinoOS, Nitrux and Vanilla OS (to name a few) is murky, but (for the sake of argument) we’ll not exclude these.

So, a proper study of their relative maturity would require a lot more effort than either of us is willing to put into. But, I made the claim based on the following (in alphabetical order):

• Adoption; Popularity of a distro is very hard to quantify on Linux. However, based on the discourse, it’s hard to deny how much more popular Fedora Atomic seems compared to its immutable peers. However, if BoilingSteam’s reports do qualify as representative, then (I think) we’ll see a very significant growth for Fedora in the next report (as the most recent one already has informed us about). And that growth can almost completely be attributed to Bazzite switching to RPM Fusion’s Steam. Hence, Bazzite and thus Fedora Atomic’s adoption would be very significant.
• Age; By itself, this is not very telling. However, when you consider that work on Fedora Atomic started (at least) over ten years ago with Project Atomic. And that it even released a version that same year (in 2014). Which eventually culminated to the release of Fedora Atomic Workstation (i.e. Silverblue) in February 2018. It’s a joke to compare this to the others that have only erupted in the last 2/3 years; so not within the same ballpark. The only exception to this would be openSUSE that launched its Project Kubic in 2017. But MicroOS Desktop only had a release in 2021.
• Development Cycle; Other projects are in beta/RC, while Fedora Silverblue has had its general availability release (at least) over two and a half years ago. To name a couple of the more interesting ones:
  • blendOS; Had their v4 Alpha last year and have just (within a month ago) gone out of it. AFAIK they didn’t have any beta or RC releases. Which makes me suspect that their ‘release’ may just be the beta/RC for other more serious projects. Furthermore, blendOS is known for rigorous changes in between their versions. Not quite what I’d refer to as mature.
  • openSUSE Aeon; released a month ago (or so) its RC2. openSUSE Kalpa (i.e. KDE) is still in alpha.
  • Vanilla OS; still in beta.
• Funding/Man-hours; A project backed by Red Hat (i.e. Fedora Atomic) vs anything else. Adding in the fact that development also started significantly earlier, this is pretty much a given in favor of Fedora Atomic.

(And finally) Rate of ‘Nix’ification’; Atomic -> Reproducible -> Declarative. These stages are passed through by aspiring ‘immutable’ distros when Nix’ifying.

For example, from almost its inception, Fedora Atomic was atomic and had a healthy portion of reproducibility. With the relatively recent transition to OCI (for updating etc), it also became (somewhat) declarative and further improved its reproducibility.

Likewise, we see similar developments in other projects:

• blendOS; Started out as only atomic and has attained reproducibility and declarative since.
• openSUSE Aeon; Started out as atomic. Wishes to be reproducible (and more robust) through transition to image-based. Not much more info on this.
• Vanilla OS; Went from only atomic to a similar OCI model like Fedora for reproducibility and becoming declarative.

Fedora Atomic has (almost) completed/finished its “Nix’ification”. While the same can be said about other projects, this does not apply to all of them. Hence, even if Fedora is not necessarily the best at this, it definitely finds itself amongst the frontrunners.

“Derivatives like Bazzite are the product of this endeavour.”

This is simply a fact. Bazzite is only possible because of Fedora Atomic.

“From the OG distros, only openSUSE (with its Aeon) has released an attempt.”

I define OG distros as the big, independent distros that will probably never lose their relevancy. Think of Arch, Debian, Fedora, Gentoo, NixOS, openSUSE, Slackware, Solus OS, Void etc. For the sake of argument, we could include all independent distros. Out of these; Fedora, openSUSE, Solus and Ubuntu are the only ones for which we know their team/organization are actively working to erupt an ‘immutable’ distro while (originally) their distro followed a traditional model. Ubuntu Core Desktop has yet to release and the same applies to whatever Solus is cooking. From openSUSE, we have openSUSE Aeon (and Kalpa) and for Fedora we got its own 4 atomic spins. Furthermore, we got dozens of derivatives based on Fedora Atomic. So once more, this is just factual.

“However, it seems to be less ambitious in scope and vision.”

This is definitely a loaded claim. I’ll answer this in my next comment.

I understand you like Fedora

Exactly. But it’s on merits. On the other hand, it seems as if you dislike Fedora for some reason. However, it’s unclear to me as to why that is.

but you make claims without any proof or just pure opinion based.

I can back up (almost) every claim I’m making (as you should have noticed by now). Not citing sources or whatsoever is due to laziness and because I don’t think you’ll check those sources anyway (like how you seemingly didn’t check if the earlier mentioned software indeed were first adopted on Fedora and if so; why). However, if you want me to cite sources on statements I make, then please mention the exact statements I’m making and I will back those up with sources.

It’s also peculiar that you make uninformed guesses or claims without backing them up yourself. Nor do you feel compelled to look up if the unsure statement/claim is even correct or not in the first place. Though, I should at least compliment you for being honest/transparent when making unsure claims/statements!

Yet, I’m still waiting for you to name a distro with more impressive unique selling points 😜.

USP: Unique Selling Point.

Would you mind elaborating?

I understand. And to be frank, I agree with you that perhaps it’s too much focused on a particular set of things (i.e. gaming).

There’s also Aurora and Bluefin (see uBlue’s website) for those that seek a very similar experience but without the focused-on-gaming part. The reason I prefer Bazzite over those two is related to Waydroid (i.e. software to run Android (apps) on Linux). However, your mileage may vary.

Finally, uBlue used to dedicate resources and documentation on their base images; i.e. relatively not-opinionated images for Silverblue, Kinoite and Fedora Atomic with basically any desktop environment you could imagine plus hardware enablement. These are perhaps still worth considering. However, personally, I’ve been having a better time on Aurora/Bazzite/Bluefin.

You’re welcome 😊!

I agree that Bazzite is very very good. So much so, that it’s the first distro I recommend in person.

Enjoy 😉!

What you’ve pointed out here is definitely something that should be fixed soon. Thank you for clarifying.

You seem to be ignorant; the use of this word is not meant derogatory. In all fairness, it’s perfectly fine; we all gotta start out somewhere. So, please allow me to elaborate.

Being the first distro on which new technologies are introduced

Consider checking up on where Wayland, systemd, PipeWire, PulseAudio etc first appeared; so on which particular distro.

Also atomic branch?

Fedora Atomic, i.e. the first attempt to Nix’ify an established distro. Most commonly known through Fedora Silverblue or Fedora Kinoite. Peeps formerly referred to these as immutable. However, atomic (i.e. updates either happen or don’t; so no in-between state even with power outage) is more descriptive. It’s also the most mature attempt. Derivatives like Bazzite are the product of this endeavour. From the OG distros, only openSUSE (with its Aeon) has released an attempt. However, it seems to be less ambitious in scope and vision. I wish it the best, but I find it hard to justify it over Fedora Atomic.

SELinux might be a fair point, but I doubt that ss unique to Fedora tbh.

OOTB, apart from Fedora (Atomic), it’s only found on (some) Fedora derivatives and openSUSE Aeon (which forces you to use GNOME and Aeon’s specific container-focused workflow). Arch, Gentoo and openSUSE (perhaps even Debian) do ‘support’ SELinux, but it can be a real hassle do deal with. And it’s not OOTB.

If you make claims, you better substantiate it. I just did your homework 😂. Regardless, I’m still interested to hear a distro with more impressive USPs. Let me know 😉.

Being in active development does not mean it’s not ready. To recognize faults or things that can be improved upon and keeping track of those does not mean it’s not ready.

By your definition, not a single distro is ready. Which, to be frank, is a perfectly fine stance to hold if the extent of this is explored and explained. However, you pose it as if Fedora Atomic is the one with that problem (implying others don’t have that issue), which is just plain false.

Nvidia can be a bitch. And it’s unfortunate that Fedora isn’t particularly well known for handling that graciously.

I’d recommend Linux Mint for beginners after my experiences.

Absolutely fair. FWIW, if you ever feel like giving Fedora another chance, consider doing it through its derivative (i.e. Bazzite).

What’s with openSUSE Tumbleweed?

Do you think its USPs are more compelling? If so, consider naming those USPs in order for them to be evaluated.

How about

• SELinux that’s pre-configured and on enforcing mode OOTB
• Its whole Atomic branch
• Being the first distro on which new technologies are introduced

All of which are unique.

To be frank, Fedora’s unique selling points are very compelling. I wonder if you could name a distro with even more impressive USPs.

Yup. Here’s the post as found on Mastodon by the developer that works on Steam on Linux on behalf of Valve.

Uses btrfs by default but comes with no snapshots or GUI manager pre-configured for system restore

False on Fedora Atomic.

Less software availability compared to Ubuntu or Mint

Distrobox and Nix exists.

More likely to break than Ubuntu or Mint

Mint, perhaps. For Ubuntu, this was only true in the past. And only if PPAs were used sparingly. But Snaps have been a disaster for them in this case. So much so, that even Valve told Ubuntu users to use the Flatpak for Steam instead of the Snap.

Why does nobody here ever recommend Fedora to noobs?

It does happen. It’s simply not the popular choice for the following reasons:

• Fedora and its predecessors were until relatively recently simply more cumbersome in use compared to Debian and Ubuntu;
  • There was a time (like at least over 10 years ago) in which package managers didn’t necessarily know how to resolve dependencies. However, Debian’s package manager at the time did it earlier than the package manager found on Fedora’s predecessor. Hence, this was a clear reason to prefer Debian or Ubuntu over Fedora('s predecessor).
  • Freezing packages and offering stable releases with two years of support (like Debian does), has been and continues to be a very pleasant way to run your Linux OS. That’s why, even in the past, Fedora’s slower cousin (i.e. CentOS) was very popular (though being RHEL clone didn’t hurt either). Fedora, on the other hand, offers a semi-rolling release cycle of 6 months with only 13 months of support since release. With semi-rolling release, I refer to the fact that some packages are frozen and some are not frozen. Hence, you should expect daily updates. Access to the latest and greatest software is great. However, every update is a possible cause/reason for something to bork/break on your system. It’s therefore unsurprising that some prefer the predictability found on other distros. Though, for the sake of completeness, one has to mention that Fedora Atomic does a great job at tackling this problem; especially the uBlue projects.
  • A couple of years back, Fedora switched in quick succession to systemd, Wayland and GTK4. Thankfully, I didn’t experience this for myself. But, from what I could gather, it was a mess. Users, perhaps rightfully so, questioned Fedora’s decision-making. While Fedora wasn’t particular loved, this didn’t help to retain new users, nor did it help to cultivate a trusted environment.
• Due to the previous reason, Fedora has not particularly been a very popular distro. Hence, troubleshooting your issues through Google is less straightforward compared to Linux Mint or Ubuntu. Additionally, as Fedora’s user base has primarily been more experienced users compared to the ones found on Linux Mint or Ubuntu, it’s unsurprising to find less discussion on elementary stuff. Simply by virtue of Fedora’s user base already being past that.
• Fedora, like Debian and openSUSE, offers a relatively bare bones experiences. It does make a lot of sane decisions for you. However, it doesn’t focus on being particularly GUI-friendly or newbie-friendly. By contrast, distros like Bazzite, Linux Mint, Manjaro, MX Linux, Nobara, Pop!_OS and Zorin OS (amongst others), do put thought and effort into streamlining the experience as much as they can; especially for newer users.
• While Fedora is primarily community-driven, Red Hat’s influence is undeniable. As such, people that hate corporate interest and/or Red Hat and/or IBM will favor the use of Arch and Debian.

Having said all of that, I’ve been using Fedora Atomic for over two years now. Heck, Silverblue was my first distro. And it has been excellent so far. Furthermore, with Bazzite (based on Fedora Atomic) and Nobara (based on Fedora) often mentioned in conversations regarding beginner friendly distros, even if Fedora itself isn’t explicitly mentioned, the ecosystem is clearly healthy and will continue to flourish.

What’s your end goal here?

Incoming XY problem.

I want to prevent myself from reinstalling my system. The trick I came up with involved the use of files that couldn’t be disk cloned. However, if it’s far far easier to accomplish it through other means, then please feel free to enlighten me on this.

You try to keep files just on that one media without any options to make copies of them?

Yes.

Or maintain an image which has enforced files at their directories?

No, not necessarily.

And against what kind of scenarios?

Protecting myself from myself. That’s where the password requirement comes in: I can send a delayed message to myself that holds the password. The end result shouldn’t in the absolute sense prevent full access for always. Unlocking the protection should be possible and should require the involvement of the earlier mentioned password that is received through a delayed message. That way, those files can be accessed eventually, but only after I had intended to.

ACLs and SELinux aren’t useful as they can be simply bypassed by using another installation and overriding those as root

Excellent! I didn’t know this. Thank you for clarifying this for me!

Only thing I can think of, up to a degree, is to use immutable media, like CD-R, where it’s physically impossible to move files once they’re in place and even that doesn’t prevent copying anything.

The files should remain on the same disk that I run my OS from. So, unfortunately, this doesn’t quite help me. Thank you regardless!

Ok, I’m still not clear on exactly what you’re trying to achieve as I can’t quite see the connection between somehow preventing certain files being duplicated when cloning the disk and preventing yourself from reinstalling the system.

Premises:

• Very important files on disk (somehow) protected from copy/mv/clone whatever.
• Reinstalling my OS wipes the disk.

Therefore, I would lose those very important files if I were to attempt a wipe. If said files are important enough for me to reconsider wiping, then the act of protecting them from copy/mv/clone has fulfilled its job of preventing me from reinstalling the OS.

Bear in mind that reinstalling the system would replace all of the OS, so there’s no way to leave counter-measures there, and the disk itself can’t do anything to your data, even if it could detect a clone operation.

I understand.

If what you’re trying to protect against is someone who knows everything you do accessing your data, you could look to use TPM to store the encryption key for your FDE. That way you don’t know the password, it’s stored encrypted with a secret key that is, in turn, stored and protected by your CPU. That way a disk clone couldn’t be used on any hardware except your specific machine.

Very interesting. A couple of questions:

• Is it possible to only protect a set of files through this? So not the entire disk?
• Does TPM get flushed/randomized on OS reinstall?

Very informative. I appreciate it!