this post was submitted on 01 Jul 2024
81 points (96.6% liked)

Linux

48216 readers
641 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Hi ! I'm a little confuse between all immutable versions based on fedora. Is this correct : universal blue = tool to create image, based on fedora atomic desktop ?

With universal blue, they created :

  • Bluefin = gnome
  • Bluefin-DX = gnome + developper tools
  • Aurora = kde
  • Aurora-DX = kde + developper tools
  • Bazzite = games

What the difference between silverble and bluefin for example, and which are you using ?

all 40 comments
sorted by: hot top controversial new old
[–] j0rge@lemmy.ml 79 points 4 months ago (5 children)

Hi! Universal Blue co-maintainer here, here's the TLDR. You've got the basic descriptions right, "Universal Blue" is mostly the parent organization that holds everything in github.

We take Fedora's Atomic OCI images and customize them for different use cases (Aurora, Bazzite, and Bluefin) and then publish base images so people can make their own versions of whatever they want. So if you wanted to take Silverblue, Kinoite, and make your own custom image you can mostly just grab whatever you want and shove it into an OS image. Bluefin started off as a "fix me" script for Silverblue that added all the stuff I wanted and then once I was shown what Fedora wanted to do with it the natural progression was to just make it a custom image. We just released 3.0 a few minutes ago actually!

Basically in Fedora 41 the tech will become more widely available with official OCI base images and better tooling. We just decided to start way earlier in the process so we could get all the automation out of the way, build a community, get familiar with it, etc. Happy to answer any other questions you may have!

[–] secret300@lemmy.sdf.org 13 points 4 months ago

Congrats on 3.0

[–] someonesmall@lemmy.ml 5 points 4 months ago (1 children)

Is it possible to build a minimal image for my home server without gnome etc? Thank you!

[–] j0rge@lemmy.ml 7 points 4 months ago (1 children)

Yeah checkout ucore, which is derived from CoreOS instead of Silverblue: https://github.com/ublue-os/ucore

[–] barsquid@lemmy.world 5 points 4 months ago (1 children)

Does ublue have any plans to do variants of Fedora IoT? CoreOS seems more targeted for cloud than home servers. The ignition file is a benefit if you want to spin up hundreds of servers but a bit of a hindrance if you just starting out at home with a machine or two.

If they are just installing to a single machine and don't need drivers or kernel mods I'd suggest IoT over bothering with anything CoreOS.

[–] j0rge@lemmy.ml 3 points 4 months ago

We probably won't (we're not looking to grow that much anymore), but I think someone should definitely take either portainer or the proxmox stack and just slap it on top a CoreOS image with a user friendly installer and make a killer SMB server.

[–] tifriis@sh.itjust.works 3 points 4 months ago (1 children)

Thanks ! Is there a file/site to see the difference between silver blue and bluefin ? Are they using same repositories ? Or bluefin add rpm fusion for example ?

[–] j0rge@lemmy.ml 2 points 4 months ago

Here's the repo: https://github.com/ublue-os/bluefin and the intro doc outlines some of the features. We include all the codecs from rpmfusion and use negativo17 for the nvidia drivers.

[–] chunkystyles@sopuli.xyz 2 points 4 months ago

I'm contractually obligated to harass you about that key rotation slip up.

[–] HotsauceHurricane@lemmy.one 1 points 4 months ago

Are there any plans to use live images instead of installers? I want to try bluefin before i actually install.

[–] kenkenken@sh.itjust.works 7 points 4 months ago

Silverblue is an official Fedora edition, almost exact Fedora Workstation, but immutable. I use it. universal blue is a third-party project and their images are bloated with additional "features": packages, drivers, etc. Bluefin contains Homebrew for example. It's how they describe it, but I haven't tried it to say more precise.

[–] user@lemmy.one 5 points 4 months ago (4 children)

There's also secureblue 🤣

My quick play w them: fedora(company) atomic distros like silver blue(gnome) vanilla way. Ublue(some independent developers) making their own versions/spins of fedora, eg bluefin, aurora, bazzite. Focused on a better experience.

Secureblue(some independent developers), also making their own versions/spins of fedora but focused on privacy/security.

None of them could see my network printer so I went back to normal fedora.

Immutable distros way bigger learning curve.

[–] j0rge@lemmy.ml 9 points 4 months ago (1 children)

What kind of printer? What's the name of the package that got it working? We can add printer drivers pretty easily.

[–] user@lemmy.one 9 points 4 months ago (1 children)

Hi Jorge, Thanks so much for reply. Love your energy on your project and YouTube videos. My printer is brother MFC-L2750DW. Sorry I'm "experienced" linux mint xfce user, and wanted to give fedora gnome a go for Wayland, selinux enforcing and zram for security privacy yada yada. When I came across your project, you and your team done such an awesome job. So I guess if I can get the printer up and working I'll go back to bluefin. Thanks again for TLC. ❤️

[–] holland@lemmy.ml 3 points 4 months ago

That's weird. I have the same exact printer and it works fine in both Aurora and Bluefin. Autodetected and everything, even scanning works out of the box.

[–] boredsquirrel@slrpnk.net 5 points 4 months ago* (last edited 4 months ago) (2 children)

Secureblue ships Chromium, is lead by a single person and does not care about privacy "if it leads to worse security" (i.e. preinstalling Chromium and removing Firefox, even though there is no evidence that Chromium is more secure, it may likely be less secure)

[–] user@lemmy.one 2 points 4 months ago

Thanks for info 👍

[–] poki@discuss.online 1 points 4 months ago* (last edited 4 months ago) (4 children)

is lead by a single person

Ultimately, (some) decisions are made by a single person. However, the list of maintainers suggests that contributions are welcome.

~~> even though there is no evidence that Chromium is not even less secure)~~

~~The double negation makes it hard to understand; but if I would give it a try, then I would get the following:~~

~~"even though there is evidence that Chromium is even less secure)"~~

~~If the above represents your views, could you provide said evidence?~~

even though there is no evidence that Chromium is not even less secure

What's your take on Madaidan's (i.e. security researcher on projects like Kicksecure and Whonix) article on the matter? I'm aware that it's a bit outdated. However, would you be able to confidently claim that nothing found within is relevant today?

[–] Shareni@programming.dev 3 points 4 months ago (2 children)

"even though there is evidence that Chromium is even less secure)"

That's not how double negatives work. The alternative would be:

Even though there's no evidence that chromium is more secure.

[–] poki@discuss.online 2 points 4 months ago

I think you're right. Thank you!

[–] boredsquirrel@slrpnk.net 2 points 4 months ago

This. Fixed it up

[–] boredsquirrel@slrpnk.net 1 points 4 months ago (1 children)

The article is very outdated and possibly not complete. ChromeOS uses Linux so you can assume it is very secure there.

I miss a debunk on the exact points by firefox devs.

But people everywhere told me madaidans article is not correct. Torbrowser also still doesnt use Chromium for various reasons. And that is the most security critical browser there is.

[–] Aqler@discuss.online 1 points 4 months ago* (last edited 4 months ago) (1 children)

The article is very outdated and possibly not complete.

Source to back this up?

ChromeOS uses Linux so you can assume it is very secure there.

Wut? I didn't get this. Could you elaborate?

I miss a debunk on the exact points by firefox devs.

Does such a debunk even exist? Or do you hope it will be made at some point? Furthermore, do you imply that it deserves a debunk; hence its content is false? If so, based on what?

But people everywhere told me madaidans article is not correct.

Have they offered you a similarly well-backed and sourced refutation/article? Or did you simply dismiss Madaidan's cited claims without anything to back it up? Do you think this is an academic/logical/sensible approach just because some randos said it's incorrect?

Torbrowser also still doesnt use Chromium for various reasons. And that is the most security critical browser there is.

Tor Browser's commitment to Firefox is probably more related to sunk cost fallacy, FOSS and trust than it's to Firefox' merits on security.

[–] boredsquirrel@slrpnk.net 1 points 4 months ago (1 children)

Please just duckduckgo these questions.

The article is from an old date and got no updates, security is a moving target so it is outdated.

a debunk is not existent, thats why I miss it.

I requested such an article of Mozilla devs long ago. There is a damn bugzilla thread, which helps a bit, but it needs developer documentation or something.

Torbrowser needs to be secure. If the browser source cannot be trusted, or if Mozilla can be trusted more, then it makes sense to use it.

[–] Aqler@discuss.online 1 points 4 months ago* (last edited 4 months ago) (1 children)

The article is from an old date and got no updates, security is a moving target so it is outdated.

I agree that it's not very up to date. Heck, I even said as such with "I’m aware that it’s a bit outdated. However, would you be able to confidently claim that nothing found within is relevant today?" (Yes, I'm @poki@discuss.online). That's exactly why the bold parts were included. However, instead of answering my question, you just called it outdated to dismiss all of its claims. But, that's not how it works, you should -instead- state if it's relevant or not. I.e. is everything mentioned within solved? Or are some issues still standing?

Btw, if you go about duckduckgoing stuff, I actually do. However, apart from CHEF-KOCH, I couldn't find anything on this matter. Furthermore, I couldn't find anything on CHEF-KOCH's credentials. So, why should I favor their opinion over Madaidan's (that at least works on Kicksecure and Whonix)?

a debunk is not existent, thats why I miss it.

Clear. Thank you for explaining!

I requested such an article of Mozilla devs long ago. There is a damn bugzilla thread, which helps a bit, but it needs developer documentation or something.

Thank you for your effort! I tried finding the bugzilla thread but failed. Would you mind helping out?

Torbrowser needs to be secure. If the browser source cannot be trusted, or if Mozilla can be trusted more, then it makes sense to use it.

Fair. Someone who's actually security sensitive would run it within a disposable qube anyways. And, in that case, security would have already been solved. So, Tor Browser can focus on privacy.

[–] boredsquirrel@slrpnk.net 2 points 4 months ago* (last edited 4 months ago) (1 children)

However, would you be able to confidently claim that nothing found within is relevant today?

No, not what I said. As said, there was no debunk and there were pretty hefty claims with a lot of backing facts.

These are old but I read a ton of Mozilla bugs, and even reported some security relevant ones.

So I know that even security relevant things may just get ignored or postponed.

However, apart from CHEF-KOCH, I couldn't find anything on this matter.

Yeah same here. I was contributing a bit to secureblue when it was just starting, and qoijjj found the Chromium policies on some raaandom strange website for Windows Chrome group policies? It is crazy, these things are just not documented.

This CHEF-KOCH dude, I also dont know what to think.

Not being discoverable is nice, I recently decided to use a consistent username, as I kinda stopped being a noob all the time. It improves trust somehow.

Mozilla and TBB people have threads.

[–] Aqler@discuss.online 2 points 4 months ago (1 children)

Thank you for your efforts! Thank you for the links! And thank you for being open and genuine! Hopefully Mozilla Firefox will ever improve until even its toughest opponents can't ignore it. I wish ya a great day!

[–] boredsquirrel@slrpnk.net 2 points 4 months ago
[–] kenkenken@sh.itjust.works 1 points 4 months ago

It is quite opinionated though.

[–] Telorand@reddthat.com 1 points 4 months ago

There was a post about that exact issue not that long ago, basically, you have to do some networking trickery to get some printers to work.

I agree that there's a big learning curve, though it's a nice option if everything you need can be found as a flatpak or appimage.

[–] The_Zen_Cow_Says_Mu@infosec.pub 1 points 4 months ago

i use the universal blue silverblue-main image because it's basically silverblue along with some packages included that I otherwise would have to manually layer in anyway (e.g., distrobox, freeworld-amd drivers from rpmfusion) and some quality-of-life improvements (some just recipes, automatic updates enabled)

I tried bluefin, but it was "too opinionated" and I didn't agree with a lot of its opinions. Same for bazzite.

[–] boredsquirrel@slrpnk.net -4 points 4 months ago* (last edited 4 months ago) (1 children)

Well either uBlue's "variant focus" got too much or you are just really lazy

[–] tifriis@sh.itjust.works 1 points 4 months ago* (last edited 4 months ago) (1 children)

Ublues = universal blue ? XD or is it again another spin ?

[–] boredsquirrel@slrpnk.net 1 points 4 months ago

Ublue's

I hate apostrophes :/