FOSS Is Fun
Actually it is the same story with TLS 1.3 and TLS 1.2. A bunch of sites still don’t support TLS 1.3 (e. g. arstechnica.com, startpage.com) and some of them only support TLS 1.2 with RSA (e. g. startpage.com).
You can try this yourself in Firefox by disabling ciphers (search for security.ssl3 in about:config) or by setting the minimum TLS version to 1.3 (security.tls.version.min = 4 in about:config).
They aren’t as natural. E. g. you have to swipe the same direction to open or close the window overview, whereas with GNOME the animation actually follows the direction your fingers are swiping. But they at least reliably trigger the action you want to execute.
Since Plasma doesn’t have dynamic workspaces, I use it completely differently than GNOME anyways. E. g. I don’t make use of workspaces and use minimise instead. Therefore touchpad gestures on Plasma are much less relevant to me than on GNOME at the moment.
Until a couple of weeks ago I used Fedora Silverblue.
Then, after mostly using GNOME Shell for about a decade, I (reluctantly) tried KDE Plasma 5.27 on my desktop due to its support for variable refresh rate and since then I have fallen in love with KDE Plasma for the first time (retrospectively I couldn’t stand it from version 4 until around 5.20).
Now I am using Fedora 39 Kinoite on two of my three devices and Fedora 39 KDE on a 2-in-1 laptop that requires custom DKMS modules (not possible on atomic Fedora spins) for the speakers.
Personally I try to use containers (Flatpaks on the desktop and OCI images on my homeserver) whenever possible. I love that I can easily restrict or expand permissions (e. g. I have a global nosocket=x11 override) and that my documentation is valid with most distributions, since Flatpak always behaves the same.
I like using Fedora, since it isn’t a rolling release, but its software is still up-to-date and it has always (first version I used is Fedora 15) given me a clean, stable and relatively bug-free experience.
In my opinion Ubuntu actually has the perfect release cycle, but Canonical lost me with their flawed-by-design snap packages and their new installers with incredibly limited manual partitioning options (encryption without LVM, etc.).
In my opinion Plasma has gotten much better with the last couple of releases. Around 5.21 the defaults actually got pretty good and since 5.24 Wayland support is quite good, on par with GNOME in my opinion.
After using GNOME Shell for a decade I have recently switched to Plasma 5.27 on my desktop due to its VRR support (I have two 170 Hz QHD monitors). A couple of weeks later I also moved my laptops to Plasma, even though I wanted to keep GNOME on them, since Plasma has gotten so nice!
Just wanted to give a heads-up in case you haven’t tried Plasma in the last couple of years. ;) But especially if you rely on dynamic workspaces and don’t want to adapt your workflow (like I did when I switched to Plasma), there’s just no alternative to GNOME and it has gotten really polished and nice as well.
My whole infrastructure is designed so that my homeserver is expendable.
Therefore my most important tool is Syncthing. It is decentralised, which is awesome for uptime and reducing dependence on a single point of failure. My server is configured as the “introducer” node for convenience.
I try to find file-based applications, such as KeePassXC or Obsidian, whenever I can so that I can sync as much as possible with Syncthing.
Therefore there is (luckily) not much left to host and all of it is less critical:
- Nextcloud AIO: calendar, contacts, RSS, Syncthing files via external storage
- Webserver: Firefox search plugins (Why is this necessary, Mozilla?!), custom uBlock Origin filter list, personal website
So the worst thing that can happen when my server fails is: I need to import my OPML to a cloud provider and I lose syncing for some less important stuff and my homepage is not accessible.
Since I just rebuilt my server, I can confirm that I managed a whole week without it just fine. Thank you very much, Syncthing!
Linux Mint nowadays supports release upgrades, but you have to follow their blog to know when a new major Mint release is out and you have to manually install mintupgrade and do the upgrade.
So it is definitely not caused by technical constraints, as Mint has implemented the difficult part (providing and testing an upgrade path) already. Notifying the user about a new release upgrade shouldn’t be too difficult? E. g. in the most simple form you could probably preinstall a package that does nothing at first, but receives an update once the next Mint release is out to send a notification to the user to inform about a new Mint release.
When it comes to elementary OS, I think they could support in-place upgrades, as they properly use metapackages (unlike Mint, which marks most packages as manually installed and doesn’t really utilise automatically installed packages and metapackages in a way that you would expect on an Ubuntu-based distro), but they probably don’t want to allocate / don’t have the resources to test an official upgrade path.
But again, I don’t understand why it is so difficult for elementary OS to at least provide a simple notification to the user that a new version is out. Even if the users have to reinstall, it is critical to inform them that their OS is about to become end of life. You know, people do things like online banking on their computers …
It’s the first thing I check with every distribution and if it doesn’t have an EOL / upgrade notification, it is immediately out.
This has always been the case with Ubuntu. Ubuntu only ever supported its main repository with security updates. Now they offer (paid) support for the universe repository in addition, which is a bonus for Ubuntu users, as they now have a greater selection of packages with security updates.
If you don’t opt-in to use Ubuntu Pro, nothing changes and Ubuntu will be as secure (or insecure) as it has always been. If you disable universe and multiverse you have an Ubuntu system where all packages receive guaranteed security updates for free.
Please note: I still don’t recommend Ubuntu due to snapd not supporting third-party repositories, but that’s no reason not to get the facts right.
Debian has always been the better choice if you required security updates for the complete package repository.
Personally I have my doubts if Debian actually manages to reliably backport security updates for all its packages. After all Eclipse was stuck on version 3.8 for multiple Debian releases due to lack of a maintainer …
There are plenty of reasons to get rid of Ubuntu, but this isn’t one of them.
Before Ubuntu Pro, packages in universe (and multiverse) were not receiving (security) updates at all, unless someone from the community stepped up and maintained the package. Now Canonical provides security updates for universe, for the first time since Ubuntu has been introduced, via Ubuntu Pro, which is free for up to five personal devices and paid for all other use cases.
Debian is actually not that different (anymore). If you read the release notes of Debian 12, you’ll notice that quite a few package groups are excluded from guaranteed security updates, just like packages in universe are in Ubuntu. Unlike Ubuntu, Debian doesn’t split its package repository by security support though.
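An added example, not part of the original comments: a small Python audit of APT source definitions that lists every active suite enabling universe or multiverse, the components the comments above describe as lacking free guaranteed security updates. The sample inputs are constructed and the function names are hypothetical; deb822 continuation lines are ignored for brevity.

```python
import re

# Components described above as having no free guaranteed security updates
# (assumption taken from the comments, not from an official support matrix).
UNSUPPORTED = {"universe", "multiverse"}

# Constructed sample inputs, not copied from a real system.
SAMPLE_LIST = """\
deb http://archive.ubuntu.com/ubuntu jammy main restricted
deb [arch=amd64] http://archive.ubuntu.com/ubuntu jammy-updates main universe
# deb http://archive.ubuntu.com/ubuntu jammy multiverse
deb http://security.ubuntu.com/ubuntu jammy-security main restricted universe multiverse
"""
SAMPLE_DEB822 = """\
Types: deb
URIs: http://archive.ubuntu.com/ubuntu
Suites: noble noble-updates
Components: main universe

Types: deb
URIs: http://security.ubuntu.com/ubuntu
Suites: noble-security
Components: main universe
Enabled: no
"""

def parse_one_line(text):
    """Yield (suite, components) for each active one-line sources.list entry."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and disabled entries
        m = re.match(r"deb(?:-src)?\s+(?:\[[^\]]*\]\s+)?\S+\s+(\S+)\s+(.*)$", line)
        if m:
            yield m.group(1), m.group(2).split()

def parse_deb822(text):
    """Yield (suite, components) for each enabled deb822 (.sources) stanza."""
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if ":" in line and not line.startswith(("#", " ", "\t")):
                key, value = line.split(":", 1)
                fields[key.strip().lower()] = value.strip()
        if fields.get("enabled", "yes").lower() != "no":
            for suite in fields.get("suites", "").split():
                yield suite, fields.get("components", "").split()

def audit(entries):
    """Return sorted (suite, component) pairs that enable an UNSUPPORTED component."""
    return sorted({(s, c) for s, comps in entries for c in comps if c in UNSUPPORTED})
```

An empty result from `audit()` means only main and restricted are enabled in the parsed sources.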
It misses one important choice: “I want to get notified of new releases of the operating system and want to have a graphical upgrade path.”
Otherwise people just run their no longer supported OS until something stops working (I’ve seen this countless times …), as very few people follow blog posts or social media feeds of their operating system.
This rules out lots of supposedly “beginner friendly” distributions, such as elementary OS or Linux Mint, as they don’t notify users about the availability of a new distribution release. Elementary OS doesn’t even offer in-place upgrades and requires a reinstallation.