What are your ‘defaults’ for your desktop Linux installations, especially when they deviate from your distro's defaults? What are your reasons for these deviations?

To give you an example of what I am asking for, here is my list with reasons (funnily enough, using these settings on Debian, which are AFAIK the defaults for Fedora):

  • Btrfs: I use Btrfs for transparent compression, which is a game changer for my use cases, and using it w/o RAID I never had trouble with corrupt data on power failures, compared to ext4.

  • ZRAM: I wrote about it somewhere else, but ZRAM transformed even my totally under-powered HP Stream 11" with 4GB RAM into a usable machine. Nowadays I don’t have swap partitions anymore and use ZRAM everywhere and it just works ™.

  • ufw: I cannot fathom why firewalls with all ports but ssh closed by default are not the default. Especially on Debian, where unconfigured services are started by default after installation, it does not make sense to me.

My next project is to slim down my Gnome desktop installation, but I guess this is quite common in the Debian community.

Before you ask: Why not Fedora? - I love Fedora, but I need something stable for work, and Fedora's recent kernels break virtual machines for me.

Edit: Forgot to mention ufw
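
The ufw item above is about services that listen on every interface while no default-deny inbound policy is in place. The following is an added example, not part of the original post: a shell function that reads `ss -H -tuln` output and prints each listener that is reachable from the network and is not the allowed SSH port. The function names and the sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): find listeners that a default-deny
# inbound policy with only SSH allowed would close off.
# Baseline described in the post: ufw default deny incoming; ufw allow ssh; ufw enable
# Live use on a real machine:     ss -H -tuln | exposed_listeners 22

# exposed_listeners [ALLOWED_TCP_PORT]   (hypothetical helper name)
# stdin : `ss -H -tuln` output (Netid State Recv-Q Send-Q Local Peer)
# stdout: "proto/port address" for each listener on a non-loopback address
exposed_listeners() {
    local allowed_port="${1:-22}"
    awk -v allow="$allowed_port" '
        NF >= 5 {
            ep = $5                              # e.g. 0.0.0.0:22 or [::]:80
            n = split(ep, parts, ":")
            port = parts[n]                      # text after the last colon
            addr = substr(ep, 1, length(ep) - length(port) - 1)
            sub(/%.*$/, "", addr)                # drop scope suffix such as %lo
            gsub(/^\[|\]$/, "", addr)            # drop IPv6 brackets
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if ($1 == "tcp" && port == allow) next       # the one allowed port
            print $1 "/" port " " addr
        }' | LC_ALL=C sort -u
}

# Constructed sample of `ss -H -tuln` output on a fresh desktop install.
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0 4096 127.0.0.1:631     0.0.0.0:*
tcp   LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
tcp   LISTEN 0 511  [::]:80           [::]:*
tcp   LISTEN 0 128  [::1]:631         [::]:*
udp   UNCONN 0 0    0.0.0.0:5353      0.0.0.0:*
tcp   LISTEN 0 100  0.0.0.0:25        0.0.0.0:*
EOF
}

sample_ss_output | exposed_listeners 22
```

Each line printed is a port that answers on non-loopback addresses today and would stop answering once inbound traffic defaults to deny.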

5 points
Deleted by creator
8 points

I’ve never had a problem with ext4 after power failure.

Zram is not a substitute for swap. Your system is less optimal by not having at least a small swap.

Firewalls should never default to on. It’s an advanced tool and it should be left to advanced users.

Not to mention how much grief it would cause distro maintainers. If they don’t auto configure the firewall they get blasted by people who don’t know why their stuff isn’t working. If they auto configure they get blasted by people upset that the auto configurator dared change their precious firewall rules. You just can’t win.

2 points

Why does not having swap make the system less optimal? Considering obviously it has more than enough ram available.

0 points

Swap holds memory pages which are not currently used. Putting them out of the way will optimize the main RAM for normal operations.

It’s not a huge difference on a modern fast system with lots of actual RAM but it can be felt on older systems and/or less RAM.

2 points

So it’s not not having swap that makes the system “less optimal” but not having enough RAM if I understand correctly?

1 point

I have a question about swap.

My current rig has 64 GB, and I opted to not create a swap partition. My logic being I have more than enough.

The question is does swap ever get used for non-overflow reasons? I would have expected 64 GB to be more than enough to keep most applications in memory. (including whatever the kernel wants to cache)

1 point

I also have 64 GB and yes, it gets used. For very low quantities, mind you, we’re talking couple hundred KB at most, and only if you don’t reboot for extended periods of time (including suspend time).

Creating a big swap is not needed, but if you add one that’s a couple hundred MB you will see it gets used eventually.

You don’t have to create a swap partition, you can create a swap file (with dd, mkswap, swapon and /etc/fstab). You can also look into zswap.

Swap is not meant as overflow “disk RAM”, it’s meant as a particular type of data cache. It can be used when you run out of RAM but the system will be extremely slow when that happens and most users would just reboot.

1 point

I believe so, though I went without swap for a while myself and never noticed any issues. When in doubt a 1 GB swap partition can’t hurt.

2 points

Start with a small swap file (100 MB) and see how much gets used, no need to waste 1 GB.

3 points

What is the difference between physical swap and having a swap partition on ZRAM, especially for the kernel? To the best of my knowledge, nearly no Linux distribution supports suspend to disk any more, and any ZRAM swap looks to the kernel like … swap. Thanks to the virtual file system. Further, I have high trust in the Fedora community, which decided to use ZRAM.

We can agree to disagree about the firewalls, especially for people who don’t know why their stuff isn’t working, it protects them and is much better than having unconfigured services with open ports on a laptop in a public network IMHO.

4 points

Honestly. Firewalls should be enabled by default. Especially on laptops connecting to public places.

A good default should be chosen by the distro maintainer. A default should not overwrite your own config. Like any config really. So no upset folks that like to change the firewall. Also if you don’t block much outgoing traffic you are not likely to run into problems. And for people that like to poke holes in the incoming traffic. You’re an “advanced” user anyway.

0 points

So what should happen when the user installs a service that needs an open port in order to work? Presumably the whole point of installing it being to, you know, use it.

4 points

There are not many programs that require open ports for incoming traffic. Things like ssh or a web server do. But then again those are services you would manually want to open anyway.

10 points

Nobara KDE user here. One of the reasons why I chose it is because it comes with many of the customisations that I’d normally do (such as using an optimized kernel). But in addition, I use:

  • Opal instead of LUKS
  • KDE configured with a more GNOME/macOS like layout (top panel+side dock)
  • GDM instead of SDDM, for fingerprint login
  • Fingerprint authentication for sudo
  • TLP instead of power-profiles-daemon for better power saving (AMD P-State EPP control, charging thresholds etc)
  • Yakuake terminal (and Kitty for ad-hoc stuff)
  • fish shell instead of bash
  • mosh instead of ssh
  • btop instead of top/htop
  • gdu instead of du/ncdu
  • bat instead of cat
  • eza instead of ls
  • fd instead of find
  • ripgrep instead of grep
  • broot instead of tree
  • skim instead of fzf
1 point

Impressive list! What is the benefit of using Opal compared to LUKS?

4 points

Opal drives are self-encrypting, so the encryption is done by the disk’s own controller transparently. The main advantage is that there’s almost no performance overhead because the encryption is fully hardware backed. The second advantage is that the encryption is transparent to the OS - so you could have a multi-boot OS setup (Windows and FreeBSD etc) all on the same encrypted drive, so there’s no need to bother with BitLocker, VeraCrypt etc to secure your other OSes. This also means you no longer have the bootloader limitation of not being able to boot from an encrypted boot partition, like in the case of certain filesystems. And because your entire disk is encrypted (including the ESP), it’s more secure.

1 point

Thank you very much for your explanation.

I still feel skeptical about using a chip’s controller for encryption. AFAIK there have been multiple problems in the past:

  • Errors in the implementation which weaken the encryption considerably
  • I think I even read about ways to extract the key from the hardware (TPM based encryption)

Do you provide a password and there are ‘hooks’ which the boot process uses for you to enter the password on boot?

I think it is nice to have full disk encryption, but usually we are speaking about evil-maid attacks (?), and IMHO it is mostly game over when an attacker has physical access to your device.

0 points

zram… Obvious

systemd-boot (unless I’m on a distro without systemd)… My main desktop is running Gentoo OpenRC atm

xanmod kernel… It’s literally just free performance

Wayland… I have 3 monitors with 3 different refresh rates and 3 different resolutions, X11 just isn’t an option for me (smooth animations are a bonus too ig)

uBlock Origin, Ecosia and Dark Reader as extensions, regardless of browser

VSCode… I like FOSS software as much as the next guy, but I want my code editor to just work with minimal to no configuration

Fish shell, has the best autocomplete and integration of any shell

3 points

You could use the VSCodium fork. I mean, it’s still the same exact shit, and I use it everyday without ANY observable difference to official builds of VSCode. Unless you end up joining the dark side one day and install 2000 Vim extensions lol

2 points

I need to do extra shit for extensions and I just don’t wanna bother

0 points

Nice, I second VSCode, although I always have a Vim version installed for the quick edits.

I just checked the website for xanmod and it looks interesting, several questions:

  • Do you really use it on a desktop? (The website seems to suggest it is optimized for server loads)
  • How exactly do you experience the difference in performance?
  • What is your most low tech computer you run xanmod on? (I simply heard too many times, that nowadays there is no good reason to compile your own kernel unless you have very specific needs.)
3 points

Xanmod is a gaming-optimized kernel… Idk where you read the server stuff from and the performance and the difference isn’t so much in performance… I mean there is still an uplift there but it’s more improved frame consistency (less microstutters) the games just feel more snappy.

Idk what you mean by “low tech computer” but I’ll assume that means “weakest”, I run xanmod on my main desktop PC, which is the only computer I game on, so it only makes sense there. It does tend to kill battery life on laptops and idk anything about getting it to work with nvidia (I’m on AMD). As for the “weakest” computer I’ve run it on… tbh I don’t remember, I don’t really use a lot of low-end PCs in my daily life.

As for compiling xanmod, no reason to, 90% of the distros either have it in their main repos, or in the AUR on arch or on a copr repo on fedora. I did compile and configure it myself (I use gentoo) but the performance difference between the packaged version of xanmod and the one you compile yourself is minimal, most of the uplift comes from the kernel itself.

1 point

Thanks for your elaboration.

When I scanned the website, I read this

“The real-time version is recommended for critical runtime applications such as Linux gaming server / client for eSports, streaming, live productions and ultra-low latency enthusiasts.”

and saw that they optimize IO. (I missed the word ‘client’ above.)

Nowadays I do my gaming on a Steam Deck, I don’t own a PC powerful enough to be useful for gaming. Don’t know about Valve’s changes to the kernel, but I never encountered any stutters with the Deck. If I ever find the time to build a gaming PC, I’ll give this kernel a try!

… and sorry again, I did not write very clearly (non-native English speaker): I wanted to express that I always hear/read that nowadays one should simply stick to the default kernel in the distributions. Was not aware that there are big differences for gaming.

1 point
  • btrfs unless I know I’m not gonna use it that much (might check out bcachefs soon)
  • Kitty as the terminal, life is better without fancy multiplexers
  • Firefox
  • fastfetch > neofetch
  • zsh without oh-my-zsh
  • tbsm as DM (if available)
  • Hyprland as the WM
  • Plasma if I have to use a DE
  • Swapfile instead of partition so I don’t risk losing my data if I don’t have enough memory (haven’t checked out ZRAM yet) Welp that changed quickly, ZRAM looks insane
  • GRUB as bootloader, also a separate install for every distro, kinda just out of fear that I’ll break it somehow
1 point

I tried to use kitty but I have to ssh in to remote machines often for work, usually one of a few hundred edge devices, and I can’t configure them all to work properly with it. Is solid ssh support just not a deal breaker for others?

1 point

I never had a reason to use SSH after I switched to Kitty.

