Disentangling Debian derivatives to discern your default • The Register | #computerhacking | #hacking


There are probably more variants of Debian than any other Linux distro, which can make it confusing. To provide some clarity,The Reg has lined up the main suspects.

Toy Story, the movie that saved Pixar (and Steve Jobs’ fortune), was released in 1995. Although Debian 0.01 appeared in 1993, you can date Debian from Toy Story, because all of its stable releases are codenamed after characters from that film.

The first named release, “Buzz”, came out in 1996. Debian 2.1, “Slink”, appeared in March 1999, and delivered the Advanced Package Tool (APT), which brought automatic dependency resolution to Linux software management. (Arguably, FreeBSD’s ports system had something comparable earlier.)

Every other mainstream distro ended up implementing that feature, but Debian got there first. That, and the fact that it was backed by a non-profit organization, has kept Debian’s profile high ever since. The lack of direct competition against other commercial distros, and the fact that the APT toolchain meant that an installation could be upgraded indefinitely, rather than requiring periodic reinstallation, meant that there was no particular pressure to improve the Debian installer.

Although it’s been one of the leading distros for over 20 years Debian has remained famously hard to install. That has led to multiple paid Debian-based distros which tried to make it easier. Early examples were Libranet (which added rich menu-based system administration), Storm Linux (which put a graphical desktop on it as standard), Progeny (which added a graphical installer and admin tools), and Corel LinuxOS (which made it look and feel more Windows-like, with for instance the first graphical tool to set or change screen resolution).

Debian defined some of the characteristics that would become hallmarks of paid-for enterprise distros: a slow and conservative choice of tried-and-tested components, plus a relatively sluggish release cycle. It was mainly intended for servers and the desktops of people who knew what they were doing and didn’t need much hand-holding.

UserLinux and Ubuntu

The UserLinux project set out to change this. Founded by Bruce Perens, who defined the term “open source,” UserLinux aimed to make a free end-user graphical desktop, as Perens told the BBC. The project never completed its distro, but someone else picked up the idea and ran with it. Ubuntu founder Mark Shuttleworth sold his company Thawte to Verisign, spent a small amount of the proceeds visiting the International Space Station, then started Ubuntu to give something back to the Linux community. When The Reg interviewed him in 2006, we said that his project had become “the Linux distribution of choice in just two years.”

Ubuntu delivered what UserLinux planned: a simple, easy-to-install, graphical desktop, which didn’t ask any difficult questions about what components you wanted, and gave users a desktop OS with all the main tools they might need. Plus it was free of charge and easy to update. Ubuntu is based on Debian, but on the “sid” rolling test release, not the stable, numbered releases. One description was that “the mission of Ubuntu was to make Debian sid easier to consume.”

The Debian difference

Since Ubuntu launched in 2004, some of its technological improvements have passed back upstream to Debian, but substantial differences remain.

Ubuntu has a dual release cycle. New interim releases appear every six months, in April and October. They’re production-ready and get updates, but since 13.04, only for nine months. In 2006, Ubuntu 6.06 hit two significant milestones: the first version with a graphical installation program, and the first long-term support release. Since then, every fourth release (that is, the .04 release in each even-numbered year) is a “Long Term Support” release, and gets five years of updates.

Debian’s release cycle is rather slower. As the project’s own release history shows, since Debian 3.1 “Sarge” in 2005, its release cadence has quickened, but there is still a new release just every two years. It is based on significantly older components than Ubuntu – and in the case of web browsers, sometimes much older.

The next version after that, Debian 4.0 “Etch” in 2007, caught up with Ubuntu 6.06 in gaining a graphical installation program. This made it somewhat easier to install, but it wasn’t (and still isn’t) a live image – you can’t boot to a desktop. Debian has also adopted other tools from Ubuntu, including the apt command, Ubuntu’s graphical tools for configuring software repositories, and so on.

Ubuntu bundles some drivers, codecs, and firmware that are freeware but not open source. Debian excludes these, which can make it difficult to install on some machines – for instance, if you only have Wi-Fi networking and your adapter needs proprietary firmware. There are unofficial “non-free” installation media, but it’s additional work.

Ubuntu also has an additional package of “Restricted Extras” with even more additional tools. Most of these can be installed individually on Debian – but again, it’s more work.

Ubuntu provides tools for adding “Personal Package Archives” or PPAs to make it easy to add extra software from sources beyond the main project repositories. It also bundles its own cross-distro packaging format called Snap, which rivals Red Hat’s Flatpak.

There are several reasons these are important. First, because unlike on Windows (or indeed macOS) where it’s standard operating procedure to just download a program direct from the web and install it, this is not the Linux way of doing things. Second, because Linux distros have built-in package managers, not just for installing software but also for updating it. So, unlike on Windows or Mac, apps generally don’t (and can’t) update themselves.

So to add new apps from outside the distro, they need to be added to the distro’s built-in lists of known software sources. That’s why Ubuntu has gone the extra mile to make it relatively easy to add additional external software: to make it easier for users to add their own apps, and because this way, the new software will automatically get updated along with the rest of the OS.

On Debian, both the direct installation of external programs and self-updating apps are discouraged, because it’s extremely insecure. As such, Debian doesn’t directly support PPAs, although there are official and unofficial workarounds. By default, it also doesn’t include either Snap or Flatpak – although both are available as optional extras.

So although Debian and Ubuntu use the same native packaging format (.deb), and have much the same commands and the same configuration files in the same places, they remain significantly different. Ubuntu is generally more current, while Debian is based on older releases of its various components. Both include a choice of desktops, but the Ubuntu ones tend to be more customized and polished, whereas Debian’s versions are generally similar to their upstream versions.

If you try to install Ubuntu programs or drivers on Debian, or add Ubuntu repositories to Debian, the installation may fail or the new programs may not work – because they require specific versions of Ubuntu components, or elements that Ubuntu includes but Debian does not.

Ubuntu boot media are live images which boot to a desktop, while Debian just boots into the installation program – there’s no way to “try before you buy” and experiment with different desktops, except installing the whole OS. Ubuntu is more plug-and-play – boot the computer from the installation medium, hit “Install,” give it a name and a password, click “yes” a few times, and you’re good to go.

All this means that even today’s polished, easier Debian is still more intimidating to beginners, and tends to require more expertise from its users. Which, of course, has opened up the opportunity for external developers to offer their own improved Debian experience.

Bigger distros have little distros upon their backs to bite them

Just as Ubuntu is largely “plug and play,” much the same applies to its many derivatives, both official and unofficial. Of these, Linux Mint is probably the highest-profile. It started out as as a simple remix that just bundled some of Ubuntu’s restricted extras which Canonical can’t include in all jurisdictions. Although it took a few years, after Microsoft’s 2006 legal threats against Linux, Ubuntu launched its Unity desktop, while other GNOME-centric distros switched to the equally disorienting GNOME 3.

The Mint team seized its opportunity with Linux Mint 12, which included the choice of either the MATE desktop, forked and continued from GNOME 2, or the Mint GNOME Shell Extensions, which turned GNOME 3 back into something more Windows-like and in time evolved into the Cinnamon desktop. Many Ubuntu users who preferred a more Windows-like desktop fled to Mint, and a decade later, Mint is more popular than its progenitor.

Given the large amount of common ground between Debian and Ubuntu, some remixes have moved from one parent distro to the other. The minimalist British distro Crunchbang moved from being based on Ubuntu to Debian instead before its developer called it quits. Two derivatives continue the project: BunsenLabs is very close to the original Crunchbang, while CrunchBang++ happened later and has slightly modernized and updated the distro. The Reg FOSS desk would rather like to see them join forces, or switch bases to Devuan.

Devuan

Like most mainstream distros, Debian uses the systemd service manager. Like Solaris’s SMF and macOS’s launchd, this is a modern replacement for the traditional xNix array of scripts and plain-text config and log files – and, like them when they were new, it’s controversial. As Debian is a totally community-run distro with no commercial backer, the debate over adopting systemd was particularly fierce and resulted in several Debian maintainers quitting and forking the project to create a systemd-free version.

The Reg has covered the Devuan project since its first version, “Jessie”, including looking into its developers’ motivations. Version 4, “Chimaera”, added support for PowerPC hardware and a screenreader for visually impaired users. It is now a fairly well-established alternative, with derivatives of its own.

The Reg FOSS desk has Devuan running on a couple of machines and rather likes it, but in all honesty, it’s only very slightly lighter-weight than its parent, and it can be more difficult. For instance, installing third-party drivers can be tricky. If you too are deeply opposed to systemd, and you have a reasonable amount of Linux knowledge and experience, then it’s a valid option. Given that the Debian project would benefit from more money and more people as it is, we’d be happier to see Debian simply offer a choice of init systems during installation, and the two projects merge back together.

Linux Mint Debian Edition

In recent releases, Mint is gradually diverging from its parent. For example, it removed Snap support, replacing it with Flatpak. The latest Mint 20.3 switches to natively packaged upstream Mozilla Firefox, and the forthcoming Ubuntu 22.04-based Mint 21 is expected to remove the controversial systemd-oomd component.

There’s always a possibility that Ubuntu makes some more drastic change in future that the Mint team can’t bypass, and as a safety net, there is Linux Mint Debian Edition. We looked at the latest LMDE 5 recently.

Its homepage promises “LMDE aims to be as similar as possible to Linux Mint, but without using Ubuntu.” LMDE includes many newer, updated components, such as the latest Firefox, plus additional drivers, firmware, and codecs that Debian excludes. It has the latest Cinnamon desktop, direct from the developers, and includes Flatpak as standard.

On the good side, this means that it looks smarter, is much easier to install, and works with more hardware. The snag is that it’s not really Debian any more – but it’s not mainstream Mint either. That means more difficulty getting help or advice from either community. Mint users are mostly not technical types, and will mainly know mainstream Mint, while Debian users are far more technical, which means that they and the documentation will refer to the mainstream distro.

LMDE is a good, solid distro – but for now, it’s an outlier.

Raspberry Pi Operating System

A different system-initialization tool doesn’t make much overall difference to how heavyweight a Linux distro is – Devuan’s system requirements and utilization are very close to Debian’s. It takes skill to cut down a distro so that it takes a lot less memory, or disk space, or CPU horsepower.

The original Raspberry Pi launched without an OS. As it had the unusual combination of an ARMv6 processor plus a hardware floating-point accelerator, the standard Arm version of Debian didn’t work – it needed ARMv7. That led Mike Thompson and Peter Green to create Raspbian – a special cut-down Debian for ARMv6 with hardware FPU.

Now officially adopted by the Raspberry Pi Foundation and renamed the Raspberry Pi OS, it also has an x86-32 edition called the Raspberry Pi Desktop. We hope to review the latest version very soon, but it’s one of the lightest-weight Linux desktops around for an older PC.

SpiralLinux

SpiralLinux is one of the newest Debian derivatives, and we reviewed it just last month. It comes from the creator of the excellent openSUSE-based GeckoLinux, and like GeckoLinux, it gives you a better-configured setup while adding as little as possible to the upstream OS.

Because Debian tends to comprise rather outdated components, many people choose to run either the Testing or unstable branches. Testing is effectively a beta of the next release, whereas the unstable branch, nicknamed “Sid”, is an eternal rolling release. With either, there’s a risk that an update could break your system.

This is a good niche for SpiralLinux, which uniquely supports snapshots and rollback, just like openSUSE’s Tumbleweed rolling-release distro. So if an update causes problems, you can just reboot into the last snapshot, and wait a day or two for a fix.

MEPIS and Sons

MEPIS started a year before Ubuntu, and maintainer Warren Woodford had a similar goal: to make Debian easier to install and use. It defaulted to the KDE desktop and had an enthusiastic community behind it. Version 6 switched from Debian to Ubuntu, and then version 7 switched back to a primarily Debian basis again. Unfortunately, MEPIS hasn’t been updated in nearly a decade: the last release was version 12 beta 2.

The good news is that the community of MEPIS users has continued working on it, and today the project has two descendants: antiX and MX Linux.

The older of the two, antiX, is very minimal, with retro feel a little like a late-1990s distro. It’s very lightweight, but a little clunky, and we wouldn’t recommend it for anyone except the most hardcore.

The other descendant, however, is a very different proposition. MX Linux is a thoroughly modern distro, with Flatpak, systemd disabled by default (but still present for compatibility), and some useful extras. We plan to return and give it a full review soon, but it’s a strong contender.

And many more …

There are many more Debian derivatives that we’ve yet to have time to examine.

Grml is a live environment with a selection of tools for sysadmins to recover failed machines, deploy images over the network and so on.

Similarly, Tails is a live environment, designed to run directly from a USB key to give a safe, anonymized browsing experience, including access to the TOR anonymized internet. We looked at version 4.20 a year ago.

Puri.sm offers a range of privacy-focused PCs and expensive smartphones with hardware killswitches. It maintains its own GNOME-based Debian derivative called PureOS which eliminates all proprietary components.

Kali Linux is a specialized Xfce-based desktop intended for penetration and security testing, which The Reg reviewed in 2021. Since it featured in TV’s Mr Robot a few years back, it’s been the distro of choice for many a wannabe teenager who fancies themselves an elite hacker. It has a very sleek desktop setup, but given the specialist nature of the selection of apps that come preinstalled, unless you are a pentester, you probably shouldn’t.

EndlessOS is a very simplified distro, aimed at lower-end hardware and people with only intermittent internet access. It has a cut-down GNOME-based desktop that resembles a mixture of Windows and smartphone interfaces, a rich selection of bundled software and reference materials, so it’s useful even when offline. It has no conventional package manager at all – it uses Red Hat’s OStree for deployment and updates, and Flatpak is the only way to install new apps. It’s very locked-down, so if you like to experiment it’s not the best choice, but use cases could include children or elderly relatives with older computers.

There are many more Debian offshoots than the 15 or so we’ve mentioned here. We plan to return regularly to this area and cover existing contenders in more depth, as well as new and upcoming entrants. Let us know if there are ones you would particularly like to read about. ®



Original Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .




Leave a Reply

Your email address will not be published.

− 2 = five