For the past few years my personal computers have (mostly) had Fedora Linux as the primary operating system. This past month I refreshed some of my hardware, and while I have been happy with Fedora, the timing made sense to take a look at other distributions that might fit my requirements and preferences. It was an interesting couple weeks of testing different distros, and I thought I would share my thoughts here.
For the unfamiliar, a Linux distribution is a set of software packages that are put together to make a complete operating system. Unlike Windows or MacOS, Linux distributions can have different graphic environments and features on top of the core Linux kernel. Different distributions have varying design goals and audiences. A full discussion of what Linux is, and why you might want to use it is a whole different blog (that I may write soon).
For myself, although I am a fairly advanced Linux user, I generally want my primary machine to “just work” and get out of my way as much as possible. It has been fun to tinker with Arch or Gentoo in the past, but distros with high change rates or configuration requirements don’t work for me on my main workstations.
Thusly, here were my personal requirements for selecting a distro:
- Strong security (notices, rapid security updates, secure boot support, default-enabled MAC, strong defaults)
- Support for Thinkpad X1 Carbon Gen 9
- Good integration with Gnome (my preferred desktop environment)
- Ability to run mainstream software distributed for Linux, such as Spotify
- Secure repositories for necessary closed-source software, such as MP3 codecs
Nice to haves:
- Less frequent large software updates
- Non-free software repositories available from distribution rather than third parties
- Default hardened builds of repository software
- Wayland availability
- Privacy respecting defaults
Okay, so right at the start these narrow down my selection quite a bit. I want to upgrade to new features on my own timeline, so rolling distributions (Arch, openSUSE Tumbleweed, Debian Testing, etc.) are out. Distributions that don’t use one of the two main package formats .deb and .rpm are also out. Usually there are workarounds but I want ease of use.
This resulted in the following short list of distributions which appeared to meet all of my criteria:
- Ubuntu (LTS or latest)
- Debian (Stable + backports)
- openSUSE Leap
There are doubtlessly some others, but many would be derivatives of these upstream releases. I installed each distribution on my new Thinkpad for a few days and my notes comparing them follow.
A few years back I ran Tumbleweed for perhaps 9 months on a primary machine, which was mostly a success until an update caused a substantial breakage. That was my last foray with a rolling distribution on a primary workstation, but Leap offers more stability and is beginning to integrate binaries directly from SUSE, an enterprise distribution famed for quality engineering.
The installer was pleasantly helpful, offering native support for btrfs partitioning and a minimal Gnome desktop. Knowing that openSUSE has a good snapper integration for rolling back the file system, this is what I configured, and I was soon booting into the installed operating system.
The openSUSE package manager, zypper, continues to be impressive, and substantially better than apt. YaST also provided a nice GUI for configuring various items. Unfortunately, I quickly ran into two issues which ultimately led me to pass on Leap.
First, when I went to install non-free multimedia codecs I realized I would need a third party repository enabled to do so, and that repo (packman) did not fill me with confidence when upon visiting their websites Firefox warned me they did not support HTTPS. Granted, this fact alone does not mean the repo is inherently insecure, and their website is purely informational. However, configuring HTTPS is easy to do and expected in 2021, and this is a red flag that there may be other issues behind the scenes.
Second, the kernel version was still 5.3, which is fairly old. SUSE supports this and backports fixes, but notably absent is the kernel lockdown mode added in 5.4 as well as some amount of hardware support for the new X1C. This was a deal breaker. In all fairness, I get the impression that Leap is aimed at servers and enterprises moreso than desktop users. For those use cases having an older kernel and skipping non-free codecs is not a big deal and having the amount of expected stability is a great benefit.
- Very stable and well tested
- Security defaults appeared solid
- Capable installer
- Old kernel version
- Third party repo for non-free codecs
- Still using X11
Debian conveniently just released version 11 (code named Bullseye) a few weeks ago after two years of development. Initial indications were that this would have relatively recent packages, a substantial amount of testing and stability, with the option to backport newer packages if needed.
The installer was fairly user friendly, and while it did not offer btrfs support that wasn’t a huge deal to me. After booting into the OS, I was able to install non-free codecs direct from the repos, and set about tweaking things to my liking. Debian 11 is running Gnome version 3.38 which retains the polished Gnome 3 experience I’ve been used to for years now. All of the extensions work as expected, including dash-to-dock which is a must-have for me.
Bullseye was largely successful for me, performing without major issues and allowing the amount of customization I wanted with ease without any bugs. I do wish that there was better documentation about security defaults, as it wasn’t clear what level of hardening (build flags) the packages in the repos were required to have, nor what default app-armor profiles should have been set. I also realized I would need to backport a version of Firefox newer than ESR, and that the kernel was at 5.10, which while new, turned out to be missing a couple hardware support items for the X1C. The general polish on Gnome UI was also not quite as Ubuntu by comparison, with regard to fonts and aesthetic preferences.
Overall it was a contender, and I wouldn’t hesitate to use it in the future. I suspect my perceived shortcomings here are the result of Debian being designed as a universal operating system rather than tailor made for desktop use, as some derivatives are.
- Stable, well tested
- New enough kernel for most
- Backports available when newer software required
- Gnome 3.38 for those who don’t want to jump to 40 yet.
- Not as visually polished as it could be
- Security documentation not easily found
- Kernel 5.10 doesn’t fully support X1C, newer kernel not yet in backports
Ubuntu LTS 20.04
I hadn’t used Ubuntu as a main OS in years, and will admit that Canonical left a bitter taste in my mouth in years past due to their decisions regarding Unity, Mir, and privacy. However, they seem to have changed their ways in recent years so I was willing to give it another try. Ubuntu has a huge compatibility benefit as it is the most widely used desktop version of Linux by a wide margin, and the LTS version has a reputation for stability while maintaining good hardware support with their kernel options.
The installer, however, could use an update. It was functional enough, but the “advanced” option had few options for manual partitioning. I was able to manually setup LUKS encryption and add a single partition inside the container, which works but for users who prefer having separate /home (or other) partitions, you are left to the command line. Btrfs support existed, and creating a single btrfs volume and then adding sub-volume in terminal post-install was easy enough, but other distributions offer this in the GUI and will automatically do it if asked.
Using the OS was what I expected from Ubuntu. The Gnome dock was replaced by a their panel, but the UI was polished and looked nice at the outset. Software installs including non-free were easy, and there was even a repo enabled with specific support for my Thinkpad. I didn’t did too deeply into what was added, but I did not notice any hardware issues in testing. 20.04.3 comes with kernel 5.11 which is very recent, and while it doesn’t contain optimal hardware support for me, the OEM repo seemed to work. For most, 5.11 will be sufficient, and for older hardware the original release is available with an older kernel which will continue to receive backported security fixes until 2025.
The only issue that really kept me from being completely satisfied here, was that as I added the vanilla dash-to-dock extension to Gnome, and adjusted things to my liking, there were some UI bugs that cropped up probably as a result of the Ubuntu-customization of upstream Gnome. Not deal breakers, but annoying.
- Long support lifetime, with newer kernels optional
- Visually polished
- Wide compatibility with other software
- Wayland available; X11 default
- Third party drivers available by default
- Customization bugs
- Kernel slightly older than full support for my hardware
After trying Ubuntu LTS, Debian, and Leap, I now realized that if I wanted full support in the kernel for my X1 Carbon I was going to need to find a distro with 5.13, which was just released. For my purposes, that left Fedora 34 which was released in April 2021, or Ubuntu 21.10 which is not even in beta yet, but which was past feature freeze with nightly images available.
The 21.10 installer still has not been updated, so my criticism above fully applies and it is fairly ridiculous that I can’t manually create more than a single partition inside a LUKS volume in 2021. However, I worked around it and got everything installed.
21.10 is shaping up to be an interesting release, and the nightly has been rock solid stable. Gnome 40 is running, but you wouldn’t notice it immediately as Canonical have customized their own version of the dash-to-dock extension to keep their dash on the left as in previous releases. The best part of having Gnome 40 this way is that touchpad gestures are available, which is a fantastic improvement.
My minor gripes about 21.10 are that snap packages for some reason have some minor graphical issues. Standard Notes does not have crisp fonts, and the software center looks particularly janky. However, it is not even beta yet, so I can’t really draw conclusions. I am impressed so far though, and this is a top contender as my new distro of choice.
- Kernel 5.13, Gnome 3.40, rich new features
- Once released, no major updates for 9 months besides security / bug fixes.
- Gnome 40 gestures without Gnome 40 dock issues (see Fedora, below)
- Wayland by default
- Still pre-beta, so big grain of salt on these
- Limited to 9 months of support from release compared to 12 from Fedora
- Weird snap issues
- Installer still very dated
And so we come full circle to Fedora. Version 33 of which is present on two other production systems I use. In my opinion, Fedora has the strongest security defaults of all the distributions listed here. All repository packages are built will full hardening flags, Wayland by default, fast updates, good selinux policy, and they beat all the competition to these goals by years. However, the price of being ahead of the pack is no LTS option being available. Fedora releases come every six months, and receive 12 months of support. The biggest annoyance I’ve had is the amount of updates due to their (understandable) update policies, sometimes resulting in three or more new kernels in a single week, plus swaths of other packages. The downloads and reboots required to keep a Fedora system fully patched definitely exceed that of the other options here. Dnf (the Fedora package manager) offsets this slightly by being generally faster and better than apt.
The 34 installer is the same one Fedora has been using for a few years now, and I’ve found it feature-rich and fantastic. It may not be as user-friendly to newcomers as the Ubuntu installer, but hey the manual feature is actually usable and better than that, they have an option to automatically create a partition setup based on common options and then let you modify it if needed. Btrfs is the default, and it works great.
After getting installed, everything works as expected. The UI is not quite as polished as Ubuntu, but it looks great regardless. MP3 codecs are available in the official repos now, although RPM Fusion third party repos may be required for some other codecs. No issues with the software center or snap packages like Ubuntu.
The elephant in the room here is Gnome 3.40, which is fully vanilla in Fedora. As mentioned previously, the gesture support is great, but there is otherwise some growing pain here. The dock has been moved to the bottom of the screen and is only visible when overview is active, effectively adding a click any time I want to use a mouse to switch between applications, and the ability to customize this behavior is not yet available. It is expected the dash-to-dock extension will be Gnome 40 compatible in a matter of days, but since April there has not been a great option to customize Gnome 40’s dock.
This is incidentally, a good example of Fedora’s release cycle actually succeeding though, in a way. Users of 33 (me), which have Gnome 3.38, will not need to upgrade until October, at which time a compatible version of dash-to-dock should be available. Unlike rolling distributions, Gnome 40 was not forced on users out of the blue.
So, Fedora is still a strong contender for my primary machine, probably tied with Ubuntu 21.10. For the moment I am dual booting both until I can test the final 21.10 release as well as get dash-to-dock compatibility with Gnome 40. I’ll also be comparing some benchmarks along the way, as the default file systems are quite different now that Fedora is defaulting to btrfs with transparent compression enabled.
- Strongest security defaults
- Most modern software
- Wayland by default
- Personal track record of stability
- Great installer
- Frequent updates
- Gnome 40 without dash-to-dock extension
- No LTS option
The great thing about Linux is that there is so much choice and everyone can have a system that works for them. These are largely personal preferences, but I hope some of my experiences will be useful to the next person in search of a new distro.