I've been a Linux admin for 25 years but up until a few months ago my personal computer has been windows (gaming desktop) or Mac (laptop).
I decided to give desktop Linux another shot and I'm glad I did. I was prepared for a lot of jankiness but figured I have enough experience to fix whatever needs fixing. Surprisingly, this has not been the case at all, the PC has been not only as stable as Windows or Mac but also performs better and is much more comfortable and intuitive to use. I never really want to "work on" my personal computer, I want it to just be there for me reliably. I've always had a soft spot for free software, but I just couldn't justify the effort until now.
So I guess this is my love letter to all the devs that have made the modern Linux desktop possible. Even compared to just a few years ago, the difference is immense. Keep up the good work.
I've been running a Linux desktop for about 13 years. There are still "moments" where you have to work on it and it can be more opaque than Windows/Mac. But you have the control to do what you need to do, which is one huge factor for me in Linux's favor.
I moved my immediate and mostly non-tech family to all run Linux including an aging relative who needed a locked-down Firefox install to keep her from falling victim to predatory sites and extensions. Pretty easy to script the entirety of the OS install and lockdown so that it was documented and repeatable. Can't do that without techie roots but I love that it's possible and mostly straightforward from a scripting perspective. It's almost exclusively get the right file with the right config in the right place and restart a service.
The only major day-to-day downside IMO is battery life on Linux laptops. Can't compare to current generation of Macs but that's true for Windows too.
I have been using desktop Linux for about the same amount of time and the way I see it now, even on the occasion where I have to troubleshoot something weird (which has maybe been one or two times in the past few years), it doesn't sound any different from the issues people are having with Windows and Mac these days—and at least I can fix it!
Yes exactly. When I had a Mac for work, I had to tinker with that thing just as much if not more so than I do Linux. To windows credit, it was the best of the three when it came to not having to tinker to get what I want, but the lack of ability to configure it in a way that was comfortable and preferable was more limited and difficult, so there were annoyances I had to just live with. The point at which they started injecting ads into my desktop experience was a dark day and the day I said goodbye
Oh god, I had a Mac for work recently and had to spend 3 weeks becoming an expert in Mac External Displays And Thunderbolt just to get my HP Thunderbolt 4 dock (officially compatible with Macs!) to use a dual monitor setup with it. Finally I got it working, but every configuration I tried Just Worked(tm) on Linux. Jeez...
> Openbox does everything I need it to. I don’t want Mac or Windows, they both suck in ways I can’t change.
Sure, Linux can be rougher, but at least I’m not helpless here. I can make the changes I need, and the software is generally less broken IME
In my experience, the remaining difficulties with Linux tend to revolve around managing ownership and permissions of files and directories.
I recently plugged in my external hard drive into my Linux PC and it just wouldn't read it. "You do not have permission to access this drive" or something like that. The solution after googling ended up being (for some reason) some combination of sudo chown -R user /dev/sda1 and unplugging and reconnecting the drive.
No way to do that from the GUI (on KDE at least) and I'm not sure how I'd even solve that problem if I didn't know the super user password.
Still glad to be using Linux, of course, but sometimes these problems still pop up.
This shouldn't happen with external disks formatted with ntfs, ext or udf. If you have an EXT4 or something like that external disk things get more hazy...
Whether it should or shouldn't, it did. But I think the issue is less that it happened, and more that the user interface doesn't respond to the "no permission" error by offering up a button you can click to attempt to grant yourself permission. If it can be done through the terminal, there should be a novice friendly way as well.
(For that matter, a novice user shouldn't even have to know how their external hard drive is formatted! It might not even be their drive; it could be a family member attempting to share photos with them. If they're just plugging it in for the first time and seeing errors, they'd be pretty hesitant to mess around with the terminal typing in commands they don't understand).
Sorry, I didn't mean to imply this isn't an important problem that needs to be addressed. I mostly agree with what you say and I bet the right way to deal with this is to have it be mounted with a special user space filesystem like fuse that wraps the permissions to always look correct for the user that mounted it, but I guess no one so far has decided to take upon such task...
no? A file system is the format that the data on the disk is stored as. If you mount an ext4 disk as ntfs, it wouldn't load properly. It's not just the interface for loading the data, it's how the data is actually stored.
There's no concept of "external". What would it be, "USB" or anything mounted under /mnt or /media? What if it's the root OS drive of another computer you're trying to fix connected through a USB-SATA adapter? Should any program running with minimized privileges get to overwrite even root files in that OS drive?
I think that it's a pretty good heuristic that if permissions exist in the filesystem, they matter and shouldn't be ignored.
I don't doubt you had that problem. But it, and the solution you want, sound a bit strange. You want a button that gives your user access to everything despite its access settings... Than login and work as root.
I mean it's hard to tell what really happened. But a different user could have created this files with access rights only for himself on purpose. Something one can do with NTFS on Windows too. It also could have been a distro bug.
> but sometimes these problems still pop up.
I'm a 90% Windows- 9.5% Linux- 0.5% Mac-Admin at day job: Don't tell me Windows has no problems poping up. ;-)
Yes. Another user could have restricted access rights on purpose, maybe? But I can still apparently seize them for myself by typing an arcane command into the terminal. Why shouldn't the UI give me a way to do this more easily?
If it requires typing in an admin password to solve, so be it, but at least the UI could lead me to the answer while offering a password prompt.
And yes, I wasn't telling you that Windows has no problems. In fact, Windows probably caused this problem -- this drive worked just fine with Linux the night before; then I transferred some files into it from Windows and plugged it back into my Linux computer and suddenly this happened. I have no doubt that Windows was responsible for messing up the drive state and causing the problem. But to a non-technical user, it's not a question of who is to blame; Windows reads the drive fine whereas Linux gives an error that has no obvious solution. And it can't be solved by right clicking the drive in the explorer and selecting "take ownership and mount" or something like that, it requires using an unfamiliar command into the terminal to fix the problem. And that's basically the case with most file-permission errors that I encounter on Linux systems.
Hm, I'm a KDE user. I just tested what happens when I try to open a folder I don't have access rights for. The standard file browser Dolphin says authentication is required. "Act as administrator." If clicked there comes a warning and I can enter my password. Than it shows the content.
Good! That's exactly what I would like to have happen! I think the error was more like that it didn't have permission to mount the drive. I logged the message at the time, but I don't have access to that computer this week, so I'm going from memory.
I managed to get around ~7W idle on a 2024 dgpu/igpu laptop, with room to further optimize. From my limited casual checks (nowhere near proper benchmark), it's better than windows.
But yes it's an area that still requires tweaking, which is a cost I don't want to incur. Also just within this year I got a regression (later fixed) because of a bug in nvidia-open driver so it stopped going into low power state giving me a toaster on the go. These are still very obscure to root cause and fix.
> The ThinkPad T14s Gen 6 Intel lasted for more than 21 hours in our Wi-Fi test (150 cd/m² brightness). This device will easily last more than ten hours in everyday use.
Also, tested on Windows not Linux. Still, if I could get 10 hours of regular usage on Linux, I'd be ecstatic.
If you add a MacBook to comparison there on that website, you'll see they last basically the same in same usage. Qualcomm actually can get even more hours, if I remember correctly.
In any case, I don't think the battery time is an issue anyone with 2025+ devices.
I've been on Mint for nearly 4 years now,. migrating from Windows.
The only hiccup I had was botched updates once, and the OS would error during boot.
The fix was easy, boot to terminal, fiddle with timeshift to restore to the point prior to update, then apply de updates carefully with a few reboots in between.
Now, was that easy? For someone well versed in the technicalities, yes. For a layman, probably not.
Now, that said, it was the only problem I had in 4 years. It has been very smooth sailing besides that.
My experience with Windows prior to that was always horrible. Yearly clean installs because after a while the computer felt extremely sluggish. Random blue screens for god knows what reason.
I've been running desktop Linux for about eighteen years, though I did take a break and run a Macbook for about four years.
It's a little upsetting that Windows has gotten so terrible, because I think in a lot of ways the NT Kernel is a better piece of software than the Linux kernel. Drivers are simply easier to install and they generally don't require a reboot and they don't require messing with kernel modules, IO is non-blocking by default, and a bunch of other things that are cool and arguably better than Linux.
The problem is that, while the kernel is an important part of an operating system, it's not the only part. Even if the NT kernel were the objectively best piece of software ever to be written by humans, that still doesn't change the fact that Windows has become a pretty awful mess. They have loaded the OS with so much crap (and ads now!), the Windows Update tool routinely breaks your computer, their recovery/repair tools simply do not work, their filesystem is geriatric and has been been left behind compared to stuff like ZFS, btrfs, and APFS, and they don't really seem determined to fix any of this stuff.
Even if the Linux kernel were to be slightly worse, it's still good enough. Even if you do have to muck with kernel modules it's not that hard now with DKMS. Even if the IO is blocking by default epoll has been around for decades and works fine.
So at that point, if the kernel is good enough, and if we can get userland decent enough, then desktop Linux is better than Windows. Linux is good enough, without ads, with recovery tools that actually work, and performs comparably or better than Windows.
My experience, as a software developer, is that both Windows and Linux desktop are great. The biggest advantage Windows has is better support for desktop applications that are used by a lot of people, which is just the nature of Windows being more popular for desktop users, and is why I use it. With Linux, it's more likely you'll have to be a bit more savvy with occasional issues.
To note, with official Linux support on Windows, it's trivial for me to get everything I want as a developer on Windows, so that's never been a hard blocker for me.
> To note, with official Linux support on Windows, it's trivial for me to get everything I want as a developer on Windows, so that's never been a hard blocker for me.
Maybe not as a developer, but as a user I still think WSL is only kind of superficially a solution. You still are stuck with an update process that happens automatically and can brick your computer and recovery tools that, as far as I can tell, have never actually worked for anyone in history. You're still stuck with NTFS, which was a perfectly fine filesystem thirty years ago but now is missing basic features, like competent snapshotting/backups, and instead you have to rely on System Restore, which again doesn't actually work.
I mean, yeah, you can do `sudo apt install neovim`, and that's kind of cool I guess, but the problems with Windows, to me are far deeper and cannot be solved with a virtualization layer on top.
I've been using Linux as a desktop for that entire time, and actually, it was better before. The hardware was simpler, more compatible, and relied less on firmware blobs, so making Linux drivers was way easier. And the software was simpler because GUI makers weren't trying to be fancy. The peak of Linux desktop stability and ease of use was in 2002. It's been downhill from there.
The fact that you now need an account for almost any piece of hardware, including computers, phones etc is a major drawback that arrived with the internet era. Linux has been able to avoid that temptation.
Let's not get ahead of ourselves here. 15 years ago I was still looking up installation and driver procedures and workarounds to install Linux on my devices. I failed to install arch in college because I didn't have a driver for my SATA drive for example.
Today though. Yeah totally easy. Especially if you get one of the many machines with Linux support. Smooth sailing all around.
Facetiously: Well actually, you didn't need a driver for the SATA drive but the SATA controller.
Something that was also true for Windows and such a common problem that many BIOSes would offer a IDE compatibility mode one could switch to.
26 years ago I installed SUSE and it just worked on my self build PC. Smooth sailing all around. Than I tried Debian and couldn't for the life of me get X11 to work.
So yeah, the distro and hardware lottery is still a problem.
The only reason I haven't gone over to Linux is gaming with my RTX card. Interested to know your gaming setup and distro. Any stability/compatibility issues?
Personally I find just using nftables.conf straightforward enough that I don't really understand the need for anything additional. With iptables, it was painful, but iptables has been deprecated for a while now.
Same here, I'm surprised most linux users I know like to install firewalld, UFW, or some other overlaying firewall rather than just editing the nftables config directly. It's not very difficult, although I've never really dug deep into the weeds of iptables. I suspect many people who have used iptables long ago in the past assume nftables is samilar and avoid interacting with it directly out of habit.
Not sure what you find difficult about it, but I just took the "workstation" config from the gentoo wiki and used it on my laptop.
Perhaps if you're doing more complicated things like bridging interfaces or rerouting traffic it would be more difficult to use than the alternatives, but for a simple whitelist it's extremely easy to configure and modify.
It's an open protocol, you don't need to use any of the vendors. My Yubikey is a "passkey", so is my Flipper Zero. Keepass provides passkey support.
For the general public, they already rely on either Google or Apple for pretty much all of their digital life. Nothing wrong with extending this to passkeys, it's convenient and makes sense for them.
> It's an open protocol, you don't need to use any of the vendors. My Yubikey is a "passkey", so is my Flipper Zero. Keepass provides passkey support.
I don't want to use a Yubikey. It's a pain in the butt. I just want to use my Mac, with no more damn dongles.
Keepass is a vendor, and one who doesn't even have a Safari extension.
> Nothing wrong with extending this to passkeys, it's convenient and makes sense for them.
I didn't say there was anything wrong with extending this to passkeys. The problem is the lock-in, e.g., Safari requires iCloud keychain for passkeys, but not for passwords. And there is no plaintext export/import, unlike with passwords.
Nobody can convince me that passkeys are good when I buy a Mac and use the built-in Safari but can't even use passkeys to log in to websites unless I give my passkeys to a cloud sync service or have to install some third-party "solution" (for a problem that should not exist in the first place). That experience is so much worse than passwords.
All of the 3rd party credential managers I’ve used that support passkeys work with safari, and through the APIs that Apple offers the credential managers you can even pick your default CM and never think about iCloud again…
So everyone has wanted "year of the Linux desktop" for a while. This year, since Microsoft has decided to call open season on their own feet and Valve has taken a break from swimming in their money pool to make sure absolutely any piece of software ever written can run on Linux, it looks like this might actually be happening. I am seeing a massive influx of new users, driven by distros like Cachy, Nobara, Bazzite. A lot of them don't have previous Linux experience and are generally not the most technically savvy users.
This absolutely terrifies me. Linux desktop security is, to put it politely, nonexistant. And the culture that goes with Linux desktop users just makes things worse, there's still a lot of BOFH gatekeeping going on, laughing at the new users when they inevitably mess something up and worst of all, completely refusing to admit that the Linux desktop has security issues. Whenever a new user asks what antivirus they should run, they are usually met with derision and ridicule, because the (oldschool) Linux users genuinely think their computers are somehow immune and can never be hacked.
The first cybercriminals to put some development effort into Linux ransomware/stealers are going to wreak havoc and a lot of people are going to be in for a rude awakening. The D-Bus issue with secrets in the article is just one of many many many ways in which Linux desktops are insecure by design.
There are of course distros out there that take security seriously, but we are not really seeing new users migrating to Qubes en masse.
Edit: not calling out the distros above in particular, all 3 are doing very good work and are not really any worse in security than most other distros.
Any windows program you download can steal all your secrets too. The only operating systems that isolate programs by default are on phones (and chromebooks).
Unless you give it admin permissions, it really can't (admittedly, a lot of Windows users do run their computers with their admin account by default). Also, Windows users generally have at least some kind of anti-malware running, which, while not perfect, does work well against most spray-and-pray malware out there.
Edit: did some research, I must correct myself, the stealers have indeed evolved so admin permissions are not required for most credentials on Windows either.
However, should "strictly speaking, not really worse than Windows" be the security target we aim for in Linux?
All your data is owned by your user. If you run a program, it will have access to all your data. Admin or not is irrelevant here.
The keyring is pretty open on Windows, if you know the key you can request anything even if stored by another app. There is a way to lock a secret to a specific app but it's not properly enforced in most versions of Windows.
The only user data that would require admin privilege is that of sandboxed Windows Store applications where even the owner can't access it directly from outside the program and you have to be admin.
The main problems with these kinds of in-repo vault solutions:
- Sharing encryption key for all team members. You need to be able to remove/add people with access. Only way is to rotate the key and only let the current set of people know about the new one.
- Version control is pointless, you just see that the vault changed, no hint as to what was actually updated in the vault.
- Unless you are really careful, just one time forgetting to encrypt the vault when committing changes means you need to rotate all your secrets.
Agreed with 1 and 3, just a tip re 2 though: sops encodes json and yaml semantically, key names of objects are preserved. Iow you can see which key changed.
Whether that is a feature or a metadata leak is up to the beholder :)
you're enrolling a particular users public/key and encrypting a symmetric key using their public key, not generating a single encryption key which you distribute. You can roll the underlying encryption key at any time and git-crypt will work transparently for all users since they get the new symmetric key when they pull (encrypted with their asymmetric key).
> Version control is pointless
git-crypt solves this for local diff operations. for anything web-based like git{hub,lab,tea,coffee} it still sucks.
> - Unless you are really careful, just one time forgetting to encrypt the vault when committing changes means you need to rotate all your secrets.
With git-crypt, if you have gitattributes set correctly (to include a file) and git-crypt is not working correctly or can't encrypt things, it will fail to commit so no risk there.
You can, of course, put secrets in files which you don't chose to encrypt. That is, I suppose, a risk of any solution regardless of in-repo vs out-of-repo encryption.
for 1), seems like you could do a proxy encryption solution.
edit: wrong way to phrase I think. What I mean to say is, have a message key to encrypt the body, but then rotate that when team membership changes, and "let them know" by updating a header that has the new message key encrypted using a key derived using each current member's public key.
Cloudflare is widely used because it's the easiest way to run a website for free or expose local services to internet. I think for most cloudflare users, the ddos protection is not the main reason they're using it.
I decided to give desktop Linux another shot and I'm glad I did. I was prepared for a lot of jankiness but figured I have enough experience to fix whatever needs fixing. Surprisingly, this has not been the case at all, the PC has been not only as stable as Windows or Mac but also performs better and is much more comfortable and intuitive to use. I never really want to "work on" my personal computer, I want it to just be there for me reliably. I've always had a soft spot for free software, but I just couldn't justify the effort until now.
So I guess this is my love letter to all the devs that have made the modern Linux desktop possible. Even compared to just a few years ago, the difference is immense. Keep up the good work.
reply