Author

Topic: Which Linux distribution would you use now? (Read 777 times)

legendary
Activity: 2422
Merit: 1191
Privacy Servers. Since 2009.
December 06, 2023, 04:46:56 PM
#50
I mean something even older such as Windows XP (EOL on 2014) where i see some people claim they can't use internet properly due to SSL/TLS problem.

Yeah, Win XP is really old, however this thread suggests that these issues can be solved by installing a custom browser or a new root CA:

https://www.reddit.com/r/windowsxp/comments/qv8u9k/cant_connect_to_https_with_win_xp/

Another solution I was able to find is to install an update (KB3055973-v3), which adds support for TLS 128-bit & 256-bit Advanced Encryption Standard (AES) cipher suites. After that, you should be good to go and no OS update is necessary.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
December 06, 2023, 06:11:50 AM
#49


Talking about Windows, are you aware of LTSC version which has less bloat and longer support?

Yeah, that is what I have been using since day 1. Windows 10 LTSC Enterprise version 1809. It works pretty well, gets updated, and has never added anything in terms of bloatware, so im good. Im not sure for how long does this get you covered before they force you to update to Windows 11. I think it was 10 years, so arround 2028 I'll have to update to whatever is the next best thing that's lightweight and long term supported.

I see, that's great. Although Microsoft had history of reducing support duration for LTSC or similar product.

Perhaps,
1. OS you used isn't that old.
2. There's background application which regularly obtain new trusted certificate.
3. The browser remain up to date even though it's on old OS.
Windows Server 2008R2 is pretty old, it went EOL back in 2020. Browsers are not always up to date on older OSs. I've seen Chrome and Firefox failing to update because new version is not supported by old OS.

I mean something even older such as Windows XP (EOL on 2014) where i see some people claim they can't use internet properly due to SSL/TLS problem.
legendary
Activity: 2422
Merit: 1191
Privacy Servers. Since 2009.
December 05, 2023, 02:40:37 PM
#48
Perhaps,
1. OS you used isn't that old.
2. There's background application which regularly obtain new trusted certificate.
3. The browser remain up to date even though it's on old OS.
Windows Server 2008R2 is pretty old, it went EOL back in 2020. Browsers are not always up to date on older OSs. I've seen Chrome and Firefox failing to update because new version is not supported by old OS.

Quote from: ETFbitcoin
No critical vulnerabilities is impossible, although no hacker target that server sounds plausible.
Again, from my experience Linux kernels are pretty solid and it's quite hard to get access to it remotely, unless an admin makes a mistake and leaves something open or remote access software like openssh has a vulnerability. So perhaps even if it's a "critical vulnerability" it's almost impossible to compromise such system remotely.
sr. member
Activity: 317
Merit: 448
December 04, 2023, 09:50:50 PM
#47


Talking about Windows, are you aware of LTSC version which has less bloat and longer support?

Yeah, that is what I have been using since day 1. Windows 10 LTSC Enterprise version 1809. It works pretty well, gets updated, and has never added anything in terms of bloatware, so im good. Im not sure for how long does this get you covered before they force you to update to Windows 11. I think it was 10 years, so arround 2028 I'll have to update to whatever is the next best thing that's lightweight and long term supported.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
December 03, 2023, 04:33:37 AM
#46
Aside from security, you might face unexpected behavior after long time it receive last update. For example,
  • Repository or website which host software for your OS no longer exist.
  • Some application cannot use internet connection properly due to certificate problem.
Yes, official repos may go down after some time. But like in case of Centos 6 there are some archive or even 3rd party repos you can continue using.

Fair point. Although using archive is less convenient (which isn't problem for Linux geek/administrator) while you need to trust that 3rd party repos.

I'm mostly using systems with no GUI but I'm yet to see an OS which can't connect to the internet because it's too old. Until recently I was running a Windows 2008R2 machine which was complaining all the time and the browser stopped updating but you could connect anyway.

Perhaps,
1. OS you used isn't that old.
2. There's background application which regularly obtain new trusted certificate.
3. The browser remain up to date even though it's on old OS.

Quote from: ETFbitcoin
What exactly do you mean by rock solid? Rarely crash?
Yeah, that, and also security-wise. Firewall keeps working, kernel has no critical vulnerabilities. Ar least they weren't exploited. Of course, I wouldn't run something connected with finance, payment processing, health, military or some other sensitive data on such a machine.

No critical vulnerabilities is impossible, although no hacker target that server sounds plausible.
legendary
Activity: 2422
Merit: 1191
Privacy Servers. Since 2009.
December 03, 2023, 03:15:01 AM
#45
Aside from security, you might face unexpected behavior after long time it receive last update. For example,
  • Repository or website which host software for your OS no longer exist.
  • Some application cannot use internet connection properly due to certificate problem.
Yes, official repos may go down after some time. But like in case of Centos 6 there are some archive or even 3rd party repos you can continue using.

I'm mostly using systems with no GUI but I'm yet to see an OS which can't connect to the internet because it's too old. Until recently I was running a Windows 2008R2 machine which was complaining all the time and the browser stopped updating but you could connect anyway.

Quote from: ETFbitcoin
What exactly do you mean by rock solid? Rarely crash?
Yeah, that, and also security-wise. Firewall keeps working, kernel has no critical vulnerabilities. Ar least they weren't exploited. Of course, I wouldn't run something connected with finance, payment processing, health, military or some other sensitive data on such a machine.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
December 02, 2023, 05:51:54 AM
#44
--snip--
I'm not sure why everyone is so obsessed with updates. Many would say it's not safe to keep using OS without getting regular updates,

Aside from security, you might face unexpected behavior after long time it receive last update. For example,
  • Repository or website which host software for your OS no longer exist.
  • Some application cannot use internet connection properly due to certificate problem.

but I've seen lots of machines running something ancient like Centos 5 for example and yet they're rock solid. Don't fix it if ain't broken they say.

What exactly do you mean by rock solid? Rarely crash?

For my Windows computer I was using Windows 7 until the very last day and I hope to do the same with Windows 10.

Talking about Windows, are you aware of LTSC version which has less bloat and longer support?
sr. member
Activity: 317
Merit: 448
December 01, 2023, 11:24:29 PM
#43
I have been running the same distro for years and now im basically forced to wipe the install and start from scratch because they stopped rolling updates. I was using Elementary OS version 5 and as you can see the Ubuntu release it's based on doesn't do updates anymore.

elementary OS Version    Released    Ubuntu Release    Ubuntu Maintenance Updates
0.4 Loki                            Sep 9, 2016    16.04 LTS    April 2021
5 Juno                            Oct 16, 2018    18.04 LTS    April 2023
5.1 Hera                            Dec 3, 2019    18.04 LTS    April 2023
6 Odin                            Aug 10, 2021    20.04 LTS    April 2025
6.1 Jólnir                            Dec 20, 2021    20.04 LTS    April 2025
7.0 Horus                            Jan 31, 2023    22.04 LTS    April 2027


I want to ask what people here are using. I want something that is easy to install that has full disk encryption features during the install on the GUI. And basically something without privacy unfriendly bloatware (like Ubuntu).

I would also like something that doesn't force you to wipe your stuff and start from scratch every 2 or 3 years.

I was looking at n0nce's guide on OpenSUSE. I have never tried that one. Not sure if meets the criteria but having a guide is really nice and would save a lot of time. But there's not much documentation in regards to Bitcoin, most of it is Ubuntu or Debian based. Someone commented this:

Quote
SUSE is rather painful to get in to in some aspects. I did many custom deployments of OS and post install automatic configuration. Suse frustrated me because they put things in different places compared to  most of the other distros, and have an extremely capable and complicated installation control file. Unfortunately, it is not easily created and the documentation is partially missing. To allow users/admins to make use of control files; ALL the possible valid options must be listed in the documentation and this documentation needs to be in a well known or easily found location. It is only AFTER investing considerable time that I came to appreciate the odd and different over-engineered aspects of SUSE. It is very powerful.

So I would rather use something more common. I want to be able to search for stuff and find answers.

mocacinno has a guide for CentOS, but it hasn't been update in 3 years so probably there's some stuff that changed.

Does anyone maintain any other guides for different distros? Im interested in mostly a Bitcoin Core node to form transaction in a desktop install, and a watch-only wallet to broadcast them and check funds, and do this through Tor with a laptop.

There has to be a simple OS that just works. But I guess im going to need to go with Ubuntu based ones so that will require full updates every 2 or 3 years when LTS versions run out of updates. And since I use full disk encryption im going to need to reinstall the whole think backing up the wallets and resync. I guess I can do that every few years. In that case I would try the new ElementaryOS but I would like to know what people hereare using, please let me know so I decide what to install.

I'm not sure why everyone is so obsessed with updates. Many would say it's not safe to keep using OS without getting regular updates, but I've seen lots of machines running something ancient like Centos 5 for example and yet they're rock solid. Don't fix it if ain't broken they say. Reinstalling from scratch every 5 or even 3 years doesn't seem reasonable to me. Just my 2c.

Well one would expect that as time progresses bugs are found which can be exploited, and these exploits would receive updates, so it seems reasonable to update when possible. Of course reinstalling sucks but what can you do? Beside going for LTS releases, at some point you need to reinstall which sucks, that is why try to extend as much as possible each install. For my Windows computer I was using Windows 7 until the very last day and I hope to do the same with Windows 10.
legendary
Activity: 2422
Merit: 1191
Privacy Servers. Since 2009.
November 30, 2023, 02:59:37 PM
#42
I have been running the same distro for years and now im basically forced to wipe the install and start from scratch because they stopped rolling updates. I was using Elementary OS version 5 and as you can see the Ubuntu release it's based on doesn't do updates anymore.

elementary OS Version    Released    Ubuntu Release    Ubuntu Maintenance Updates
0.4 Loki                            Sep 9, 2016    16.04 LTS    April 2021
5 Juno                            Oct 16, 2018    18.04 LTS    April 2023
5.1 Hera                            Dec 3, 2019    18.04 LTS    April 2023
6 Odin                            Aug 10, 2021    20.04 LTS    April 2025
6.1 Jólnir                            Dec 20, 2021    20.04 LTS    April 2025
7.0 Horus                            Jan 31, 2023    22.04 LTS    April 2027


I want to ask what people here are using. I want something that is easy to install that has full disk encryption features during the install on the GUI. And basically something without privacy unfriendly bloatware (like Ubuntu).

I would also like something that doesn't force you to wipe your stuff and start from scratch every 2 or 3 years.

I was looking at n0nce's guide on OpenSUSE. I have never tried that one. Not sure if meets the criteria but having a guide is really nice and would save a lot of time. But there's not much documentation in regards to Bitcoin, most of it is Ubuntu or Debian based. Someone commented this:

Quote
SUSE is rather painful to get in to in some aspects. I did many custom deployments of OS and post install automatic configuration. Suse frustrated me because they put things in different places compared to  most of the other distros, and have an extremely capable and complicated installation control file. Unfortunately, it is not easily created and the documentation is partially missing. To allow users/admins to make use of control files; ALL the possible valid options must be listed in the documentation and this documentation needs to be in a well known or easily found location. It is only AFTER investing considerable time that I came to appreciate the odd and different over-engineered aspects of SUSE. It is very powerful.

So I would rather use something more common. I want to be able to search for stuff and find answers.

mocacinno has a guide for CentOS, but it hasn't been update in 3 years so probably there's some stuff that changed.

Does anyone maintain any other guides for different distros? Im interested in mostly a Bitcoin Core node to form transaction in a desktop install, and a watch-only wallet to broadcast them and check funds, and do this through Tor with a laptop.

There has to be a simple OS that just works. But I guess im going to need to go with Ubuntu based ones so that will require full updates every 2 or 3 years when LTS versions run out of updates. And since I use full disk encryption im going to need to reinstall the whole think backing up the wallets and resync. I guess I can do that every few years. In that case I would try the new ElementaryOS but I would like to know what people hereare using, please let me know so I decide what to install.

I'm not sure why everyone is so obsessed with updates. Many would say it's not safe to keep using OS without getting regular updates, but I've seen lots of machines running something ancient like Centos 5 for example and yet they're rock solid. Don't fix it if ain't broken they say. Reinstalling from scratch every 5 or even 3 years doesn't seem reasonable to me. Just my 2c.
legendary
Activity: 2898
Merit: 1823
November 28, 2023, 08:48:59 AM
#41
You could also "virtualize" the different tasks that you do by merely using a distro like Linux Mint as your base OS + VirtualBox. The base OS should NOT be used for anything else except to run your VMs to avoid it getting infected with malware and being exploited.

Isn't Qubes OS more suited if you want to virtualize everything?


I was merely suggesting an option if a user doesn't have the hardware requirements to run Qubes, or if someone is new to Linux. Linux Mint + VirtualBox + Lubuntu VMs are probably simpler, and perhaps it's easier to find resources if the user needs to troubleshoot or has unexpected problems with the set up.

Quote

Quote
Linux Mint is probably good as a base OS + use Lubuntu for your VMs.
That works very well too Smiley


Well enough for a not very technical pleb like me. Haha. Cool
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
November 28, 2023, 06:54:14 AM
#40
You could also "virtualize" the different tasks that you do by merely using a distro like Linux Mint as your base OS + VirtualBox. The base OS should NOT be used for anything else except to run your VMs to avoid it getting infected with malware and being exploited.
Isn't Qubes OS more suited if you want to virtualize everything?

It's also worth to mention VirtualBox usually is slower than KVM even though it's easier to setup and use.

Look for an LTS version, they are supported for 10 years usually after being released. In case you are using a bit old laptop, look for a lighter distro like XUbuntu to make the best out of your resources.

LTS version for which Linux distro? While Ubuntu LTS receive 10 years support, you only get first 5 years for free unless you willing subscribe Ubuntu Pro.
newbie
Activity: 12
Merit: 6
November 28, 2023, 06:26:42 AM
#39
Look for an LTS version, they are supported for 10 years usually after being released. In case you are using a bit old laptop, look for a lighter distro like XUbuntu to make the best out of your resources.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 28, 2023, 05:14:11 AM
#38
You could also "virtualize" the different tasks that you do by merely using a distro like Linux Mint as your base OS + VirtualBox. The base OS should NOT be used for anything else except to run your VMs to avoid it getting infected with malware and being exploited.
Isn't Qubes OS more suited if you want to virtualize everything?

Quote
Linux Mint is probably good as a base OS + use Lubuntu for your VMs.
That works very well too Smiley
legendary
Activity: 2898
Merit: 1823
November 28, 2023, 01:29:07 AM
#37
Whonix only runs as a Virtual Machine.  There is no way you can INSTALL it as a stand alone Operating System.

There are two ways of running Whonix.  Qubes or Virtual Machine.  Qubes is kind of hard to get accustomed to if you are not a fan of new UI and if you are unprepared a new, overhauled experience with a Linux distribution.  I like Qubes because it gives you many options.  You create what they call 'Domains' which are pretty much Virtual Machines.  You can create a Windows 'Domain' with no Internet connection.  All Domains are separated.  They do not interfere.  Any USB you insert has to be assigned to Domains you want it to be assigned to.  Any thing you do is pretty much happening in separate Virtual Machines and Qubes is just an offline desktop to manage them.  Think of it as running multiple computers all on the same monitor.

Best part of it is that the main management desktop known as dom0 is offline while you can run online Domains.  With this being said.  If a Domain is hacked it is almost impossible for the virus or hacker to get to dom0 let alone another Domain.  It is overkill like you say however.  Unless you truly care about top notch Security.

Like I said however.  It is hard to get accustomed to it.  You will have to do a lot of documentation.  Reading their install documentation is very important too.  You will learn a ton of important things about keeping high levels of Privacy and Security while running Qubes.

Qubes offers full disk encryption in the Install GUI and is extremely Privacy friendly.  It has pretty big system requirements however.  There is an exhaustive list of computers tested with it.  Maybe it is helpful to you.  https://www.qubes-os.org/hcl/

Now that I wrote this all I realize I sound like a walking Qubes advertising billboard!

-----

Tails is fun and all but because of its amnesic properties it is not a great Operating System for daily use.  It was not meant to be a daily driver or to be used occasionally with Persistent Storage anyway.  So I do not recomment doing a Persistent installation of Tails.  What I like about it is the amnesic property of it.  But this makes it only a great temporary Operating System.  It is perfect if you need to quickly boot up Tails for an Internet search.

In some cases Tails is more secure and can offer more Privacy than Qubes can.  But for your needs this might not be it.  Would not recommend any body to run a Full Node on Tails.  Defeats the purpose of Tails and probably builds loop holes too weakening the Security you should have.

-----

Since you are looking at some Debian distros.  Why do you not just install the blank version of Debian?  Download and install only the first CD file from https://www.debian.org/CD/http-ftp/.  That will install the most stripped version of Debian.  Last time I checked, the stripped version of Debian is 100 percent Open Source.  Then you can install any non free driver or package you like by downloading it from https://www.debian.org/distrib/packages.  This is the most hard core way you can go if you do not trust any thing and any body.

What I like about Debian is pretty much ANY issue you will ever encounter with Debian will be about one or two quick searches away.  There is an entire community for this distro.  It is Debian after all.

Warning.  This means you will encounter a lot of problems you will have to fix by yourself one by one until you can get to run the things you need properly.

You will probably not even have Wi Fi drivers after installing the first CD.  Probably will not need that if you are using Ethernet any way.  You can look up drivers for any thing that does not work.  I doubt you will not find a way.  Internet is your friend.

But there is a bit of work to do if you want to keep it as clean as possible and this is the best way to do it.  Who needs display driver which is proprietary.  Who needs Bluetooth adapter.  Who needs all that B S.  I like it raw.

There are many other distributions but I would not trust them.  Fewer contributors and users means more loopholes.  Tails, Qubes and Debian are pretty much Top 3 for people who do not trust their computer and Operating System much.  Ubuntu is probably the most popular distribution across the Linux community but even Ubuntu is based on Debian.  Why run something that has been built on top of Debian when you can run Debian itself.

Other Privacy oriented distributions are more focused on Security than Privacy it seems.  Kali and such.

-----

Or give them all a try.  See which you like most.  Maybe you fall in love with one and keep it.


You could also "virtualize" the different tasks that you do by merely using a distro like Linux Mint as your base OS + VirtualBox. The base OS should NOT be used for anything else except to run your VMs to avoid it getting infected with malware and being exploited.

You can install VirtualBox and install different operating systems to separate your Bitcoin activities from your emails, browsing, and porn. Porn should be in its own VM. If that VM gets infected, it won't spread to your base OS and your other VMs.

Linux Mint is probably good as a base OS + use Lubuntu for your VMs.
sr. member
Activity: 317
Merit: 448
November 24, 2023, 08:26:14 PM
#36
Suse is knows as a secure distro, you would not believe how many flags pop up if you run the stig profile trough openscap on a plain vanilla installation... It took me ages to close most of the "gaps", but it's allmost impossible to get a perfect score. Next to this, security vulnerability's are found (and patched) on a daily basis, there ARE virusses targetting linux distro's... And then there's the PICNIC problem, every piece of software has config you CAN (and probably will) mess up, sometimes resulting in a (small) attack vector.
There will never be such thing as PERFECT Security.  There will always be gaps.

I tend to believe Linux offers better Security than Windows only if the user continues the same behavior they had when they had Windows installed.  Browsing the same pages.  The same websites.  Downloading from the same sources.

If your behavior changes from typical Windows user to paranoid Linux user then you are going to visit more Privacy oriented websites.  You will download from more Privacy oriented sources.  You will change your behavior.  I would say for the better.  But on the other hand there will be more Linux targeting viruses on such websites than if you search for things the usual user of Windows would.  As a consequence you are going to probably have about the same Security you had on Windows.

Also remember there is a Terminal we are supposed to use.  This gives us control but it is pointless to think of it as more secure if the user has no idea what they are writing into it.  Installing DEB files from unknown sources or with out verifying their legitimacy beforehand.  Downloading packages from the Internet instead of using the Terminal for this purpose.  Installing 'App Stores'.  Modifying and doing things as SU.  There are many ways some body could mess up badly even with the 'safest' Distro.

I would argue it is a steep learning curve but also a steep way to more Security.  The more you learn, the less likely an attack.  Any body who has never used Linux before.  If you want to separate from Windows and move to it, go ahead.  But I really do recommend you first experiment with it.  Get some old laptop and start messing with Linux.  See what is good or bad to do.  Learn.  When you are ready and feel safe to move permanently, go.

I would say you are already compromised by default no matter what you do if you run a Windows machine. Your entire operating system is essentially a backdoor since your code is unknown, so anything goes. A Linux user is going to be protected from that, since most software developers on Linux have an open source philosophy and such mindset and environment is free of viruses since if your code is open source, no one is going to bother with putting bad stuff on it anyway.

There's also the fact that anyone that bothers enough to look up a Windows alternative should already have some minimum knowledge of not downloading pirated software, visiting websites that tend to have scripts and so on.

As far as Debian, im going to go with version 12 since I've decided it's the best approach. SuSe is too niche for me and other alternatives are either bloated or lack documentation.
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
November 23, 2023, 09:49:21 AM
#35
Suse is knows as a secure distro, you would not believe how many flags pop up if you run the stig profile trough openscap on a plain vanilla installation... It took me ages to close most of the "gaps", but it's allmost impossible to get a perfect score. Next to this, security vulnerability's are found (and patched) on a daily basis, there ARE virusses targetting linux distro's... And then there's the PICNIC problem, every piece of software has config you CAN (and probably will) mess up, sometimes resulting in a (small) attack vector.
There will never be such thing as PERFECT Security.  There will always be gaps.

I tend to believe Linux offers better Security than Windows only if the user continues the same behavior they had when they had Windows installed.  Browsing the same pages.  The same websites.  Downloading from the same sources.

If your behavior changes from typical Windows user to paranoid Linux user then you are going to visit more Privacy oriented websites.  You will download from more Privacy oriented sources.  You will change your behavior.  I would say for the better.  But on the other hand there will be more Linux targeting viruses on such websites than if you search for things the usual user of Windows would.  As a consequence you are going to probably have about the same Security you had on Windows.

Also remember there is a Terminal we are supposed to use.  This gives us control but it is pointless to think of it as more secure if the user has no idea what they are writing into it.  Installing DEB files from unknown sources or with out verifying their legitimacy beforehand.  Downloading packages from the Internet instead of using the Terminal for this purpose.  Installing 'App Stores'.  Modifying and doing things as SU.  There are many ways some body could mess up badly even with the 'safest' Distro.

I would argue it is a steep learning curve but also a steep way to more Security.  The more you learn, the less likely an attack.  Any body who has never used Linux before.  If you want to separate from Windows and move to it, go ahead.  But I really do recommend you first experiment with it.  Get some old laptop and start messing with Linux.  See what is good or bad to do.  Learn.  When you are ready and feel safe to move permanently, go.
legendary
Activity: 3584
Merit: 5248
https://merel.mobi => buy facemasks with BTC/LTC
November 22, 2023, 06:39:14 AM
#34
once again... i'll be pushing for my work distro, just because i think it's an under-appreciated distro that can easily stand up to other (more popular) ones... i'm not affiliated with suse, but by working with them for many years, i grew to love how this distro works...

I usually don't use gui tools, but when i hear the words "encryption", "just works" and "easy" floating around, i automatically think about yast2 (also available as an ncurses based tool from the gui).

on a test vm, i added a new virtual disk... here you see the lsblk output (sdc = the new device)
This is SLES (suse linux enterprise server) because i didn't have a recent opensuse image to deploy on the test vm... But opensuse also uses yast2, so the screens should be comparable



i started the partitioner of yast2, here's sdc (unpartitioned). I just had to click the "add partition" button at the bottom of the screen



the add partition wizard was started



some more questions





here, i'm asked if i have to format the device, the partition id, wether or not an entry should be make in the /etc/fstab... And a simple checkbox to indicate the device should be encrypted Smiley



if selected, you need to enter a password


some next/next/next/finish/ok buttons follow (not screencapped)

and we end up here (lsblk output)



offcourse, when booting, you need a terminal to enter the passphrase...



I would also like to dedicate a couple of minutes talking about safety. Thinking linux is always more secure than (for example) windows isn't completely correct... A recent, popular, stable, out of the box, linux distro is allmost always more secure than a recent, plain-vanilla windows installation... But not completely secure. And if you do a bad job configuring and maintaining your linux partition it can be less secure than a well configured and maintained windows installation.

Suse is knows as a secure distro, you would not believe how many flags pop up if you run the stig profile trough openscap on a plain vanilla installation... It took me ages to close most of the "gaps", but it's allmost impossible to get a perfect score. Next to this, security vulnerability's are found (and patched) on a daily basis, there ARE virusses targetting linux distro's... And then there's the PICNIC problem, every piece of software has config you CAN (and probably will) mess up, sometimes resulting in a (small) attack vector.

Once again, i'm a big linux fan... I come from managing actual unix systems and rolled into linux many (many) years ago... And i can say that a properly setup, patched, mainted, monitorred,... linux distro can be *very* secure. I can honestly say that i'm convinced my linux servers are more secure than the windows servers in my company... Linux is great for beginners all the way to veterans, but thinking it's 100% safe is not a good idear.
legendary
Activity: 1932
Merit: 1273
November 22, 2023, 03:45:32 AM
#33
And when it comes to partitions, im just going to select it to automatically make whatever partitions are needed, will this encrypt the /home and /swap partitions? I just want to make sure that full disk encryption is applied, but I don't want to screw around with manually doing things. So during the wizard I enter the encryption LVM setting and enter a password, it does encrypt the whole thing?
According to this, only the sda5_crypt volume is encrypted? what about the swap one?

AFAIK, device_mapper indicates the "drive" is pointed to the decrypted drive of vda5_cypt, so, the swap partition is on the encrypted disk.





I don't recall Debian has default DE since you need to chose the DE either when choosing ISO or during installation. Is that no longer true?

They do still offer the option on Debian 12.


full member
Activity: 728
Merit: 151
Defend Bitcoin and its PoW: bitcoincleanup.com
November 22, 2023, 12:02:13 AM
#32
While I currently use kubuntu for my daily driver, I wouldn't use it for a web server or anything that I was concerned about leaking data to third parties.

For Bitcoin and secure crypto transactions, I would look into Manjaro or any Arch distribution powerful enough to handle the necessary software.
Linux has desktop and server OS, while you can use desktop OS for the webserver it is recommended to use server OS for web servers, more likely to use minimal iso image for that since you will only need to run what is needed for the web servers,
Linux flavors are safe, if they have been compromised it means you messed up the configuration firewall and permissions.
newbie
Activity: 1
Merit: 0
November 21, 2023, 11:40:24 PM
#31
While I currently use kubuntu for my daily driver, I wouldn't use it for a web server or anything that I was concerned about leaking data to third parties.

For Bitcoin and secure crypto transactions, I would look into Manjaro or any Arch distribution powerful enough to handle the necessary software.
legendary
Activity: 1666
Merit: 1037
November 21, 2023, 04:09:36 PM
#30
Linux mint is user friendly but is it really the best option if hardening is something that is being kept in mind?

Tails and whonix are great but good luck making these your daily drivers. Of course. Qubes is a similar story, huge security and privacy benefit, ability to isolate into VMs, but a mission to make it a daily driver.

I've been experimenting with Nix OS, which is secure in the sense that it runs from one core configuration file which you can see changes if any are made (great for security and auditing, life is easy). I've also been watching Parrotsec create their Parrot software. Debian based, seems to work and quite hardened out of the box.

I think these are much easier than tails and whonix from my little experience, everything is easier than Qubes but if you manage to use that as a daily driver and become experienced with it, you have done a hell of a good job! I'm yet to try and properly conquer it.
sr. member
Activity: 317
Merit: 448
November 21, 2023, 03:54:43 PM
#29
I've tried Mint on a live CD and it comes way too bloated for my taste, too many media related software that I don't need for this purpose. A basic text editor, a spreadsheet editor, and basic dependencies to compile Bitcoin Core as well as Tor should be it. Im either going to use Xubuntu or try the latest Debian release.

I just tried installing Linux Mint on VM and amount of the bloat isn't as bad i expected. But since it's too bloated, your option is limited to Debian or manually uninstall the bloat. And i expect Xubuntu has many bloat for you needs since the ISO alone has size 2.8GB.

I've tried Mint on a live CD and it comes way too bloated for my taste, too many media related software that I don't need for this purpose. A basic text editor, a spreadsheet editor, and basic dependencies to compile Bitcoin Core as well as Tor should be it. Im either going to use Xubuntu or try the latest Debian release. Seems pretty easy to install nowadays compared to back then. Does anyone here use that distro at all? It comes with a full disk encryption setting on the wizard.
I'll try automatic partition setting and just encrypt the whole thing. Im not sure if it encrypts the boot partition too, but I want it to encrypt for sure swap and home. Some people don't realize these may remain unencrypted and leak your data on there.
In that case, use Debian and then replace the default GNOME desktop with an XFCE desktop.

I don't recall Debian has default DE since you need to chose the DE either when choosing ISO or during installation. Is that no longer true?

The image that shows up here doesn't look like it has the desktop interfaces separated:

https://www.debian.org/

The download button leads to this file:

https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.2.0-amd64-netinst.iso

This requires internet connection to install. Im assuming this contains all the different interfaces. Also im not sure if this will work with an nvidia GPU. Has anyone tried? it may give error since it has free firmware. In that case you may want to try this:

Quote
Non-free Firmware

This Debian image build only includes Free Software where possible. However, many systems include hardware which depends on non-free firmware to function properly so this build also includes those firmware files for those cases. See the Debian Wiki non-free firmware page for more information.

https://cdimage.debian.org/cdimage/weekly-builds/amd64/iso-dvd/

And when it comes to partitions, im just going to select it to automatically make whatever partitions are needed, will this encrypt the /home and /swap partitions? I just want to make sure that full disk encryption is applied, but I don't want to screw around with manually doing things. So during the wizard I enter the encryption LVM setting and enter a password, it does encrypt the whole thing?

Edit: Found this:

https://xo.tc/setting-up-full-disk-encryption-on-debian-9-stretch.html



According to this, only the sda5_crypt volume is encrypted? what about the swap one?

Also looks like interfaces are included within the iso:


legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
November 21, 2023, 03:06:31 AM
#28
I've tried Mint on a live CD and it comes way too bloated for my taste, too many media related software that I don't need for this purpose. A basic text editor, a spreadsheet editor, and basic dependencies to compile Bitcoin Core as well as Tor should be it. Im either going to use Xubuntu or try the latest Debian release. Seems pretty easy to install nowadays compared to back then. Does anyone here use that distro at all? It comes with a full disk encryption setting on the wizard.
I'll try automatic partition setting and just encrypt the whole thing. Im not sure if it encrypts the boot partition too, but I want it to encrypt for sure swap and home. Some people don't realize these may remain unencrypted and leak your data on there.

In that case, use Debian and then replace the default GNOME desktop with an XFCE desktop.

You don't need to encrypt the boot partition, it has no data of interest to inspectors except for maybe your kernel version and the name of the operating system(s) you are booting.

I would argue it's good to learn to use the command line (and vi), but it comes with a steep learning curve. After that, it's much more powerful and faster than using a GUI.
Depends on what precisely you use it for. Simply editing text which could be also done using nano might be worth it, but when writing code, you have tools such as VSCode which provide another level of comfort and efficiency. Even better if you install the vim plugin and gain the advantages of vim, including VSCode's.

vim is not so bad since I already know how to use it, but to this day I still find nano convoluted to use (and don't get me started on C-X C-C emacs).
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
November 20, 2023, 03:01:05 PM
#27
I would argue it's good to learn to use the command line (and vi), but it comes with a steep learning curve. After that, it's much more powerful and faster than using a GUI.
Depends on what precisely you use it for. Simply editing text which could be also done using nano might be worth it, but when writing code, you have tools such as VSCode which provide another level of comfort and efficiency. Even better if you install the vim plugin and gain the advantages of vim, including VSCode's.

To me, the answer on that matter is simple. Learn a little bit of everything when it comes to the terminal, but don't put the terminal above everything. Knowing vim has particularly only helped me when editing files via an ssh-ed terminal. I can write code much faster and more correctly on VSCode.
sr. member
Activity: 317
Merit: 448
November 19, 2023, 09:10:03 PM
#26
I've tried Mint on a live CD and it comes way too bloated for my taste, too many media related software that I don't need for this purpose. A basic text editor, a spreadsheet editor, and basic dependencies to compile Bitcoin Core as well as Tor should be it. Im either going to use Xubuntu or try the latest Debian release. Seems pretty easy to install nowadays compared to back then. Does anyone here use that distro at all? It comes with a full disk encryption setting on the wizard.
I'll try automatic partition setting and just encrypt the whole thing. Im not sure if it encrypts the boot partition too, but I want it to encrypt for sure swap and home. Some people don't realize these may remain unencrypted and leak your data on there.

I would argue it's good to learn to use the command line (and vi), but it comes with a steep learning curve. After that, it's much more powerful and faster than using a GUI.
Back in my school days I was told GUI is only for the lazy and if I wanted to be cool and fast I should learn Command Line instead.  It took me a very long time to understand this because to the average human the Command Line looks like something straight out of a NASA computer.  First seemed like a joke.  But ended up being true.  It is much faster and easier.  And you are even told every thing that happens in background most of the time too.  Easier to tell why some things go wrong sometimes and can monitor how things run.  Things you do not get with Windows or most of the very user friendly focused Operating Systems and GUIs.

Amazing to say the least.  I recommend any body who is bored to start learning how to use a Terminal, it is a fun process and helps with your mental too.  They say your brain is less likely to degrade if you keep learning new things.

I used to be console-command only but I realized sometimes you just want to rely on a graphical interface. When manually crafting a raw Bitcoin transaction for instance, you can screw up somewhere by entering the stuff manually. I would rather do it on the GUI. Granted, you always have maximum control with the terminal but this comes with great responsibility, and I don't want to gamble screwing up in the process specially in the context of irreversible transactions. Same goes for full disk encryption. One could write a bible about LUKS setups with the command line but I would rather stick to the basics and get it done on the GUI, unless I really needed something so specific that I required to enter it manually.
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
November 18, 2023, 04:41:27 PM
#25
I would argue it's good to learn to use the command line (and vi), but it comes with a steep learning curve. After that, it's much more powerful and faster than using a GUI.
Back in my school days I was told GUI is only for the lazy and if I wanted to be cool and fast I should learn Command Line instead.  It took me a very long time to understand this because to the average human the Command Line looks like something straight out of a NASA computer.  First seemed like a joke.  But ended up being true.  It is much faster and easier.  And you are even told every thing that happens in background most of the time too.  Easier to tell why some things go wrong sometimes and can monitor how things run.  Things you do not get with Windows or most of the very user friendly focused Operating Systems and GUIs.

Amazing to say the least.  I recommend any body who is bored to start learning how to use a Terminal, it is a fun process and helps with your mental too.  They say your brain is less likely to degrade if you keep learning new things.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 18, 2023, 04:40:53 AM
#24
their beginner guide (~) heavily involve terminal usage.
I would argue it's good to learn to use the command line (and vi), but it comes with a steep learning curve. After that, it's much more powerful and faster than using a GUI.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 17, 2023, 08:46:24 AM
#23
SystemRescue just works: https://www.system-rescue.org/
That's not an OS for daily tasks:
SystemRescue (formerly known as SystemRescueCd) is a Linux system rescue toolkit available as a bootable medium for administrating or repairing your system and data after a crash.
member
Activity: 143
Merit: 82
November 17, 2023, 08:08:25 AM
#22
to be a simple OS that just works.
SystemRescue just works: https://www.system-rescue.org/
full member
Activity: 728
Merit: 151
Defend Bitcoin and its PoW: bitcoincleanup.com
November 16, 2023, 11:11:03 PM
#21
I have been running the same distro for years and now im basically forced to wipe the install and start from scratch because they stopped rolling updates. I was using Elementary OS version 5 and as you can see the Ubuntu release it's based on doesn't do updates anymore.

elementary OS Version    Released    Ubuntu Release    Ubuntu Maintenance Updates
0.4 Loki                            Sep 9, 2016    16.04 LTS    April 2021
5 Juno                            Oct 16, 2018    18.04 LTS    April 2023
5.1 Hera                            Dec 3, 2019    18.04 LTS    April 2023
6 Odin                            Aug 10, 2021    20.04 LTS    April 2025
6.1 Jólnir                            Dec 20, 2021    20.04 LTS    April 2025
7.0 Horus                            Jan 31, 2023    22.04 LTS    April 2027


I want to ask what people here are using. I want something that is easy to install that has full disk encryption features during the install on the GUI. And basically something without privacy unfriendly bloatware (like Ubuntu).

I would also like something that doesn't force you to wipe your stuff and start from scratch every 2 or 3 years.

I was looking at n0nce's guide on OpenSUSE. I have never tried that one. Not sure if meets the criteria but having a guide is really nice and would save a lot of time. But there's not much documentation in regards to Bitcoin, most of it is Ubuntu or Debian based. Someone commented this:

Quote
SUSE is rather painful to get in to in some aspects. I did many custom deployments of OS and post install automatic configuration. Suse frustrated me because they put things in different places compared to  most of the other distros, and have an extremely capable and complicated installation control file. Unfortunately, it is not easily created and the documentation is partially missing. To allow users/admins to make use of control files; ALL the possible valid options must be listed in the documentation and this documentation needs to be in a well known or easily found location. It is only AFTER investing considerable time that I came to appreciate the odd and different over-engineered aspects of SUSE. It is very powerful.

So I would rather use something more common. I want to be able to search for stuff and find answers.

mocacinno has a guide for CentOS, but it hasn't been update in 3 years so probably there's some stuff that changed.

Does anyone maintain any other guides for different distros? Im interested in mostly a Bitcoin Core node to form transaction in a desktop install, and a watch-only wallet to broadcast them and check funds, and do this through Tor with a laptop.

There has to be a simple OS that just works. But I guess im going to need to go with Ubuntu based ones so that will require full updates every 2 or 3 years when LTS versions run out of updates. And since I use full disk encryption im going to need to reinstall the whole think backing up the wallets and resync. I guess I can do that every few years. In that case I would try the new ElementaryOS but I would like to know what people hereare using, please let me know so I decide what to install.
The most common is Ubuntu since there is community support, and easy to install, also meets your requirement, they have upgrades but ofcourse even those who are familiar with linux always do backups when worse happen they have something to restore, you are responsible on what you run on linux or ubuntu, it won't run it unless you say so, even the firewall, 5 years is already long enough, what are you trying to achieve? security updates or application updates? I've been using ubuntu for years now I'm still have one running ubuntu 16, also someone using slackware though it has different purpose and still running for almost 10yrs or more now, without issue.
sr. member
Activity: 317
Merit: 448
November 16, 2023, 10:08:15 PM
#20
It's definitely possible. But since OP said "There has to be a simple OS that just works", there are few things i'd like to point.
1. Conflict possibility between DE or default app comes with DE. You might mention you could just remove GNOME, but there's risk you accidentally remove important application or library.
2. I have doubt there won't be any problem when you perform major update (e.g. 20.04 LTS to 22.04 LTS).

Linux Mint fits the bill nicely, for this reason.

Does it do any telemetry? Found these comments on this YT video:

https://www.youtube.com/watch?v=hKggSOKHFZg

Quote
5 days ago
Even if that wasn't something you could configure, with the open source nature of Linux someone knowledgeable enough could write a script or app and change it anyhow or at least get the effect they want.  Also if we are afraid of them collecting data we can use Wireshark or a similar program and see for ourselves.  It may be encrypted but we will still see where it is going.  You could set up a spare computer just to monitor the network or at least keep a log of network traffic that way and not have it placing any new load on your main computer.  That would be helpful for those who like to buy low power computers that are often single board or use a mobile Intel or AMD CPU that while usable for its purpose is not great for gaming or other demanding tasks.


Quote
1 month ago
Yes they are you can check that data in Kernel logs, I posted on the mint forums, the mods felt it necessary to delete the part that shows Data being sent. I traced that logs origin

This sucks. Has anyone tried building Bitcoin Core from source with Whonix? I was looking at the documents and they have a section for Bitcoin which is nice:

https://www.whonix.org/wiki/Bitcoin_Core

Also I found this article (in German) that says it found unnecessary pings during installation in Arch, EndeavourOS, Manjaro, Garuda, openSUSE, Linux Mint, Ubuntu, and ElementaryOS distros:

https://www.michlfranken.de/linux-distros-dns-tracing/

Not sure why they would try to ping some server during installation, probably no big deal but still. And I still have to figure out how to avoid any software leaking data from temporary files. I found the software that was doing it on ElementaryOS, it's called "Code", it is basically the Scratch text editor. I wish there was a way to disable all of these things by default because I just find it unnecessary.
legendary
Activity: 3346
Merit: 3130
November 16, 2023, 06:43:36 PM
#19
I would recommend 2 options for you:

1.- If you was under a Ubuntu/base OS, then try direct Ubuntu, i have that OS on one of my laptops because it has an Nvidia card, and is really easy with ubuntu to install the drivers.

2.- If you want to go for something new then i highly recommend Fedora, i have been using that OS for a long time, and try with other variants like CentOS and Red Hat, but in the end i liked more fedora. I feel is more user-friendly.

And another thing i recommend is the right user interphase, I'm old-school and always loved the Mate UI, you can find them on the next links:

https://fedoraproject.org/spins/mate/
https://ubuntu-mate.org/
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
November 16, 2023, 02:07:16 AM
#18
Has anyone tried Xfce? I've always used this environment, it is the one used by the super lightweight distros, should be the less fancier and thus snappier one.
Not sure why they've blocked their page to Tor tho, had to use a proxy on top to get it.

Xfce is short and snappy, but I would not be opposed to using MATE either, provided that it is packaged by the distro I want to use.

I don't use Linux mint myself, but usually it can be solved by,
1. Disable "trash" or "recycle bin" feature from your file manager.
2. Disable or uninstall application which manage clipboard locally. For example, Xfce comes with application called qlipper.

I don't really like clipboard managers (besides providing the the essential copy/paste support), particularly the clipboard history feature which I never use.

Although I fail to see how the trashcan will pose a problem, because you can avoid having to do that by simply deleting your files with rm command.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 15, 2023, 05:05:42 AM
#17
Has anyone tried Xfce? I've always used this environment, it is the one used by the super lightweight distros, should be the less fancier and thus snappier one.
I didn't like Xfce much. I like a menu bar at the full bottom of my screen, some shortcut icons on the left, active programs in the middle, and some status icons on the right. I had to check what I'm currently using: Marco (MATE) window manager, with Clearlooks Appearance (and some customizations). I want my active window to have a clear different color from anything on the background (which is rare nowadays).
After disabling all animations, I don't think it's very resource demanding (and my laptop is quite old).
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
November 15, 2023, 03:49:05 AM
#16
Does anyone here recommend some "first thing to do after installing" tips?

There are many of such article about it on internet. Since you're not being specific, i'd just recommend you to update the system immediately then install necessary driver/application.

Something that I always want to be sure is that no temporal stuff is left somewhere. I remember with Elementary OS, it used some sort of temporal backups for unsaved text files for instance, so if you wrote anything you didn't want to keep, and you didn't know this, there would be traces of what you wrote elsewhere. These things are what I really want to keep under control. I want to know that when I delete a file, this file is not saved elsewhere because reasons. This is why I do full disk encryption to begin with, but still, I want to know those things are happening.

I don't use Linux mint myself, but usually it can be solved by,
1. Disable "trash" or "recycle bin" feature from your file manager.
2. Disable or uninstall application which manage clipboard locally. For example, Xfce comes with application called qlipper.

Those are very tough requirements, i'd just recommend Linux Mint or Debian which tick most of your requirements. You can even choose desktop environment you prefer.
As you mentioned Linux Mint, I needed some suggestion of yours.

So the thing is, I am looking for a distro for a perfect daily use. My requirements isn't that much. Only able to do everything that a daily user does on his windows should be enough. As example, browsing, little editing, writing on Microsoft words(I know it have a alternative version), gaming a little (like, age of empire), using VPN and a VM to run windows just in case if needed. Some customization should be nice, like applying new theme, skin etc. Lastly what everyone needs is performance and have to be user friendly. It also should get updates, not any discontinued distros. Smiley

I was thinking of Linux Mint Xfce (21.2 Victoria something) ..What are your thoughts on that? Is there anything better? Like lite but powerful without any blotwares (I hate heavy distros that contains unnecessary packages, apps). I also know there are many app store to install apps on linux. Does mint supports it? I found it difficult to manage, install and uninstall apps sometimes, through the command prompt, when I used it on my friends desktop. Tongue

Also, I don't wanna install drivers manually. It should be builtin.

I'll install Linux the moment I get my hands on a laptop, as I don't have any now. I am planning to buy in a month.

Edit: I'll also need to run Microsoft visual studio code or any other compiler for programming purpose.

I know my writing is a mess, but if you were kind enough to guide me, I would be grateful.

Next time please create new thread since what you're doing might be considered as hijacking/derailing thread. AFAIK by default Linux Mint install open source driver which isn't suitable for gaming. Consider Pop os (https://pop.system76.com/) which already include closed-source Nvidia driver (which suitable for gaming) where they also claim they offer customization and various development toolkits.
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
November 15, 2023, 12:07:07 AM
#15
Those are very tough requirements, i'd just recommend Linux Mint or Debian which tick most of your requirements. You can even choose desktop environment you prefer.
As you mentioned Linux Mint, I needed some suggestion of yours.

So the thing is, I am looking for a distro for a perfect daily use. My requirements isn't that much. Only able to do everything that a daily user does on his windows should be enough. As example, browsing, little editing, writing on Microsoft words(I know it have a alternative version), gaming a little (like, age of empire), using VPN and a VM to run windows just in case if needed. Some customization should be nice, like applying new theme, skin etc. Lastly what everyone needs is performance and have to be user friendly. It also should get updates, not any discontinued distros. Smiley

I was thinking of Linux Mint Xfce (21.2 Victoria something) ..What are your thoughts on that? Is there anything better? Like lite but powerful without any blotwares (I hate heavy distros that contains unnecessary packages, apps). I also know there are many app store to install apps on linux. Does mint supports it? I found it difficult to manage, install and uninstall apps sometimes, through the command prompt, when I used it on my friends desktop. Tongue

Also, I don't wanna install drivers manually. It should be builtin.

I'll install Linux the moment I get my hands on a laptop, as I don't have any now. I am planning to buy in a month.

Edit: I'll also need to run Microsoft visual studio code or any other compiler for programming purpose.

I know my writing is a mess, but if you were kind enough to guide me, I would be grateful.
sr. member
Activity: 317
Merit: 448
November 14, 2023, 11:13:49 PM
#14
It's definitely possible. But since OP said "There has to be a simple OS that just works", there are few things i'd like to point.
1. Conflict possibility between DE or default app comes with DE. You might mention you could just remove GNOME, but there's risk you accidentally remove important application or library.
2. I have doubt there won't be any problem when you perform major update (e.g. 20.04 LTS to 22.04 LTS).

Linux Mint fits the bill nicely, for this reason.

Yeah this looks good:

https://www.linuxmint.com/download_all.php

Has anyone tried Xfce? I've always used this environment, it is the one used by the super lightweight distros, should be the less fancier and thus snappier one.
Not sure why they've blocked their page to Tor tho, had to use a proxy on top to get it.

Does anyone here recommend some "first thing to do after installing" tips?

Something that I always want to be sure is that no temporal stuff is left somewhere. I remember with Elementary OS, it used some sort of temporal backups for unsaved text files for instance, so if you wrote anything you didn't want to keep, and you didn't know this, there would be traces of what you wrote elsewhere. These things are what I really want to keep under control. I want to know that when I delete a file, this file is not saved elsewhere because reasons. This is why I do full disk encryption to begin with, but still, I want to know those things are happening.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
November 14, 2023, 05:02:38 AM
#13
It's definitely possible. But since OP said "There has to be a simple OS that just works", there are few things i'd like to point.
1. Conflict possibility between DE or default app comes with DE. You might mention you could just remove GNOME, but there's risk you accidentally remove important application or library.
2. I have doubt there won't be any problem when you perform major update (e.g. 20.04 LTS to 22.04 LTS).

Linux Mint fits the bill nicely, for this reason.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
November 14, 2023, 04:35:44 AM
#12
You need to recheck these pages, https://xubuntu.org/download/ and https://kubuntu.org/getkubuntu/. Both offer still offer LTS version. But unlike Ubuntu which has 5 years support (10 years if you subscribe to Ubuntu Pro), those distro only receive 3 years support.

Right, I messed up. The LTS versions actually have 3 years support, but it's still less than the 5 years I can get out of the main Ubuntu distro. (And this is confirmed here.)

You can just install Xfce on Ubuntu and still get 5 years LTS, right? The few GB size difference for having some unused software on your system shouldn't matter compared to the size of the blockchain.

Correct, but as you can see in the link I shared, all packages in the repository called main are supported for 5 years. XFCE Desktop is not inside that repository, so it gets support for 3 years.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 14, 2023, 04:31:31 AM
#11
You need to recheck these pages, https://xubuntu.org/download/ and https://kubuntu.org/getkubuntu/. Both offer still offer LTS version. But unlike Ubuntu which has 5 years support (10 years if you subscribe to Ubuntu Pro), those distro only receive 3 years support.
You can just install Xfce on Ubuntu and still get 5 years LTS, right? The few GB size difference for having some unused software on your system shouldn't matter compared to the size of the blockchain.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
November 14, 2023, 04:21:53 AM
#10
I remember Xubuntu and Kubuntu, I may look up what's their current state now.  As long as you don't do anything stupid, you shouldn't get hacked, so maybe a hardened OS is overkill, but I will look into Whonix, but like I said, as long as it just installs fine and can do full disk encryption and run the Bitcoin related stuff and not have bloatware etc, and maintain it secure with updates, that should be enough.
Xubuntu and Kubuntu are fine, but they do not get LTS releases. Instead, they only get updates for 9 months like the other non-LTS versions.

You need to recheck these pages, https://xubuntu.org/download/ and https://kubuntu.org/getkubuntu/. Both still offer LTS version. But unlike Ubuntu which has 5 years support (10 years if you subscribe to Ubuntu Pro), those distro only receive 3 years support.

These days Debian include non-free driver by default.
WOW.  This is such a disgrace.  I see this only happened recently as there is a notification posted on June 2023,
https://cdimage.debian.org/images/unofficial/non-free/images-including-firmware/
Makes you wonder why don't the device drivers just make it easier to make open-source versions of their drivers. Like what is there even to hide inside a driver that will give someone else a competitive advantage? That's all hardware.

At least for basic printing, CUPS[1] does the jobs wgere you don't have to use closed-source driver/firmware.

[1] https://wiki.debian.org/CUPSDriverlessPrinting
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
November 14, 2023, 02:58:09 AM
#9
I remember Xubuntu and Kubuntu, I may look up what's their current state now.  As long as you don't do anything stupid, you shouldn't get hacked, so maybe a hardened OS is overkill, but I will look into Whonix, but like I said, as long as it just installs fine and can do full disk encryption and run the Bitcoin related stuff and not have bloatware etc, and maintain it secure with updates, that should be enough.

Xubuntu and Kubuntu are fine, but they do not get LTS releases. Instead, they only get updates for 9 months like the other non-LTS versions.

These days Debian include non-free driver by default.
WOW.  This is such a disgrace.  I see this only happened recently as there is a notification posted on June 2023,
https://cdimage.debian.org/images/unofficial/non-free/images-including-firmware/

Makes you wonder why don't the device drivers just make it easier to make open-source versions of their drivers. Like what is there even to hide inside a driver that will give someone else a competitive advantage? That's all hardware.
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
November 13, 2023, 07:45:14 AM
#8
These days Debian include non-free driver by default.
WOW.  This is such a disgrace.  I see this only happened recently as there is a notification posted on June 2023,
https://cdimage.debian.org/images/unofficial/non-free/images-including-firmware/

Well.  Another more Privacy friendly option down the well.  Sucks to live in 2023 dude.

Edit.  I wonder if this works as a workaround.  I have a few CDs with different older versions of Debian on them.  The non free problem seems to be since Debian 12 released.  How about installing an older version and then updating.  You get the choice to download the packages you want.  I can find official versions archived on their website,
https://get.debian.org/images/archive/

Any body has any idea, will this STILL install non free packages autonomously?
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 13, 2023, 07:32:03 AM
#7
My personal opinion: it's largely a matter of taste. I switch every few years, and I've tried many different distributions. I mostly appreciate a simple desktop without over-the-top animations and with a simple menu button. But most of the time I'm using a terminal anyway.

Does anyone maintain any other guides for different distros?
I don't see the point making them for Bitcointalk, when there are much better guides out there.

Quote
Im interested in mostly a Bitcoin Core node to form transaction in a desktop install, and a watch-only wallet to broadcast them and check funds, and do this through Tor with a laptop.
In that case: do you really need full disk encryption? You can encrypt your home directory with one tickbox.
member
Activity: 134
Merit: 94
The Alliance of Bitcointalk Translators - ENG > TR
November 13, 2023, 06:02:02 AM
#6
I’ve been using Mint which is a ubuntu (or debian?) fork. It is not as bloated as ubuntu but still has a very friendly user interface. I encountered small problems every once in a while but I somehow solved them all. I use this PC to do some coding, watch movies, surf the web and it fills my needs perfectly fine. Believe it or not I can play many 3D games too. (Thanks to wine/steam) Since I switched to Mint, I never looked back. I am windows-free since 2018.
legendary
Activity: 3584
Merit: 5248
https://merel.mobi => buy facemasks with BTC/LTC
November 13, 2023, 05:55:59 AM
#5
I got a ping that my name was mentioned... Just as a heads-up: i would no longer recommend centos due to redhat's policy changes. CentOS became a mess, and they're more or less anti-opensource ATM (at least in my humble opinion).

Professionally, i work with SLES for my daytime job (i have about 140 servers running SLES 15 SP4, i've been using sles for about 10 years now and i can vouch for it's stability and useability), and opensuse for my home systems, i think it surpasses most (if not all) requirements i ever had...
I know it isn't as popular in the community as (for example) ubuntu, but this doesn't mean it's a bad distribution. Opensuse is basically the upstream distro of SLES, meaning that there are actually professional engineers vetting the packages that end up in the opensuse repository, and the SLES professional documentation usually also works for opensuse. The opensuse community isn't as buzzying as (for example) the ubuntu community, but the people are friendly and helpfull.

The biggest "downside" for newer users is the fact that most tutorials/walk-troughs nowadays focus on ubuntu, so if you want a distro with the most copy/paste walk-troughs, you're more or less bound to ubuntu (most of those walk-troughs also work on debian tough).

If you have any specific questions, don't hesitate to ask.
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
November 12, 2023, 07:34:04 PM
#4
Whonix only runs as a Virtual Machine.  There is no way you can INSTALL it as a stand alone Operating System.

There are two ways of running Whonix.  Qubes or Virtual Machine.  Qubes is kind of hard to get accustomed to if you are not a fan of new UI and if you are unprepared a new, overhauled experience with a Linux distribution.  I like Qubes because it gives you many options.  You create what they call 'Domains' which are pretty much Virtual Machines.  You can create a Windows 'Domain' with no Internet connection.  All Domains are separated.  They do not interfere.  Any USB you insert has to be assigned to Domains you want it to be assigned to.  Any thing you do is pretty much happening in separate Virtual Machines and Qubes is just an offline desktop to manage them.  Think of it as running multiple computers all on the same monitor.

Best part of it is that the main management desktop known as dom0 is offline while you can run online Domains.  With this being said.  If a Domain is hacked it is almost impossible for the virus or hacker to get to dom0 let alone another Domain.  It is overkill like you say however.  Unless you truly care about top notch Security.

Like I said however.  It is hard to get accustomed to it.  You will have to do a lot of documentation.  Reading their install documentation is very important too.  You will learn a ton of important things about keeping high levels of Privacy and Security while running Qubes.

Qubes offers full disk encryption in the Install GUI and is extremely Privacy friendly.  It has pretty big system requirements however.  There is an exhaustive list of computers tested with it.  Maybe it is helpful to you.  https://www.qubes-os.org/hcl/

Now that I wrote this all I realize I sound like a walking Qubes advertising billboard!

-----

Tails is fun and all but because of its amnesic properties it is not a great Operating System for daily use.  It was not meant to be a daily driver or to be used occasionally with Persistent Storage anyway.  So I do not recomment doing a Persistent installation of Tails.  What I like about it is the amnesic property of it.  But this makes it only a great temporary Operating System.  It is perfect if you need to quickly boot up Tails for an Internet search.

In some cases Tails is more secure and can offer more Privacy than Qubes can.  But for your needs this might not be it.  Would not recommend any body to run a Full Node on Tails.  Defeats the purpose of Tails and probably builds loop holes too weakening the Security you should have.

-----

Since you are looking at some Debian distros.  Why do you not just install the blank version of Debian?  Download and install only the first CD file from https://www.debian.org/CD/http-ftp/.  That will install the most stripped version of Debian.  Last time I checked, the stripped version of Debian is 100 percent Open Source.  Then you can install any non free driver or package you like by downloading it from https://www.debian.org/distrib/packages.  This is the most hard core way you can go if you do not trust any thing and any body.

What I like about Debian is pretty much ANY issue you will ever encounter with Debian will be about one or two quick searches away.  There is an entire community for this distro.  It is Debian after all.

Warning.  This means you will encounter a lot of problems you will have to fix by yourself one by one until you can get to run the things you need properly.

You will probably not even have Wi Fi drivers after installing the first CD.  Probably will not need that if you are using Ethernet any way.  You can look up drivers for any thing that does not work.  I doubt you will not find a way.  Internet is your friend.

But there is a bit of work to do if you want to keep it as clean as possible and this is the best way to do it.  Who needs display driver which is proprietary.  Who needs Bluetooth adapter.  Who needs all that B S.  I like it raw.

There are many other distributions but I would not trust them.  Fewer contributors and users means more loopholes.  Tails, Qubes and Debian are pretty much Top 3 for people who do not trust their computer and Operating System much.  Ubuntu is probably the most popular distribution across the Linux community but even Ubuntu is based on Debian.  Why run something that has been built on top of Debian when you can run Debian itself.

Other Privacy oriented distributions are more focused on Security than Privacy it seems.  Kali and such.

-----

Or give them all a try.  See which you like most.  Maybe you fall in love with one and keep it.
sr. member
Activity: 317
Merit: 448
November 12, 2023, 12:48:04 PM
#3
And basically something without privacy unfriendly bloatware (like Ubuntu).
Can you give a little bit more context on this? For what bloatware are you talking about? Ubuntu comes with a variety of open-source programs, some of which you can choose to not install during setup. It does provide full disk encryption.

Look, it isn't as privacy friendly as Tails or Whonix, but it is friendly in the sense that it doesn't spy on you by default (as in Windows).



When it comes to security, use a reputable distro with large community. That's why I use Ubuntu (and because I've used to it). If your computer doesn't fulfill the resource requirements, consider using the alternative Xubuntu, which requires even less resources.

You can also try out Whonix as it comes with Bitcoin Core (and is privacy and security focused): https://www.whonix.org/.

You can read up on the whole Canonical-Amazon incident. Basically Canonical (company behind Ubuntu) sent supposedly anonymized telemetry to Amazon. Apparently there's some drama with RedHat as well (Centos). Ubuntu is probably just ok to use, but comes with a lot of stuff that I don't need.
Maybe I should just give Debian a try. Apparently it has now become manageable to install. Back then it was a mess but looks like nowadays it installs like a regular OS. Not sure bout the .deb dependencies and so on, but at least I would have a ton of documentation.

Whonix im assming is something similar to Tails.

I remember Xubuntu and Kubuntu, I may look up what's their current state now.  As long as you don't do anything stupid, you shouldn't get hacked, so maybe a hardened OS is overkill, but I will look into Whonix, but like I said, as long as it just installs fine and can do full disk encryption and run the Bitcoin related stuff and not have bloatware etc, and maintain it secure with updates, that should be enough.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
November 12, 2023, 12:24:52 PM
#2
And basically something without privacy unfriendly bloatware (like Ubuntu).
Can you give a little bit more context on this? For what bloatware are you talking about? Ubuntu comes with a variety of open-source programs, some of which you can choose to not install during setup. It does provide full disk encryption.

Look, it isn't as privacy friendly as Tails or Whonix, but it is friendly in the sense that it doesn't spy on you by default (as in Windows).



When it comes to security, use a reputable distro with large community. That's why I use Ubuntu (and because I've used to it). If your computer doesn't fulfill the resource requirements, consider using the alternative Xubuntu, which requires even less resources.

You can also try out Whonix as it comes with Bitcoin Core (and is privacy and security focused): https://www.whonix.org/.
sr. member
Activity: 317
Merit: 448
November 12, 2023, 11:52:36 AM
#1
I have been running the same distro for years and now im basically forced to wipe the install and start from scratch because they stopped rolling updates. I was using Elementary OS version 5 and as you can see the Ubuntu release it's based on doesn't do updates anymore.

elementary OS Version    Released    Ubuntu Release    Ubuntu Maintenance Updates
0.4 Loki                            Sep 9, 2016    16.04 LTS    April 2021
5 Juno                            Oct 16, 2018    18.04 LTS    April 2023
5.1 Hera                            Dec 3, 2019    18.04 LTS    April 2023
6 Odin                            Aug 10, 2021    20.04 LTS    April 2025
6.1 Jólnir                            Dec 20, 2021    20.04 LTS    April 2025
7.0 Horus                            Jan 31, 2023    22.04 LTS    April 2027


I want to ask what people here are using. I want something that is easy to install that has full disk encryption features during the install on the GUI. And basically something without privacy unfriendly bloatware (like Ubuntu).

I would also like something that doesn't force you to wipe your stuff and start from scratch every 2 or 3 years.

I was looking at n0nce's guide on OpenSUSE. I have never tried that one. Not sure if meets the criteria but having a guide is really nice and would save a lot of time. But there's not much documentation in regards to Bitcoin, most of it is Ubuntu or Debian based. Someone commented this:

Quote
SUSE is rather painful to get in to in some aspects. I did many custom deployments of OS and post install automatic configuration. Suse frustrated me because they put things in different places compared to  most of the other distros, and have an extremely capable and complicated installation control file. Unfortunately, it is not easily created and the documentation is partially missing. To allow users/admins to make use of control files; ALL the possible valid options must be listed in the documentation and this documentation needs to be in a well known or easily found location. It is only AFTER investing considerable time that I came to appreciate the odd and different over-engineered aspects of SUSE. It is very powerful.

So I would rather use something more common. I want to be able to search for stuff and find answers.

mocacinno has a guide for CentOS, but it hasn't been update in 3 years so probably there's some stuff that changed.

Does anyone maintain any other guides for different distros? Im interested in mostly a Bitcoin Core node to form transaction in a desktop install, and a watch-only wallet to broadcast them and check funds, and do this through Tor with a laptop.

There has to be a simple OS that just works. But I guess im going to need to go with Ubuntu based ones so that will require full updates every 2 or 3 years when LTS versions run out of updates. And since I use full disk encryption im going to need to reinstall the whole think backing up the wallets and resync. I guess I can do that every few years. In that case I would try the new ElementaryOS but I would like to know what people hereare using, please let me know so I decide what to install.
Jump to: