Fri 14 February 2025

The Linux Cast is one of my favorite Linux youtubers, as he usually posts very interesting videos and isn't afraid to share his off-the-cuff opinions of things in the Linux world, yet is usually not toxic, unlike some of that space's more infamous members.

He published a slightly ranty video about what he considered the most overrated aspects of Linux, and of course, daring to share your opinion on the internet is not a deed that can go unpunished 😂

While I tried to stay snark-castic throughout my reply, he honestly does have some good points.

My thoughts are the following:

1. Open Source

Matt says that the Open Source nature of Linux is overrated because most users don't review the code. I don't know what he's talking about, because I obviously reviewed every one of the millions of lines of the Linux kernel and Firefox before using it. Don't you?!?

Obviously all of the code that is released within the Free and Open Source world is exhaustively reviewed, isn't it? ;)

Ok, the funny thing is that the (purposefully planted) xz vulnerability wasn't found because of a mythical source code review, but only because automated testing determined that xz had become a tiny bit slower from the previous version. But the open nature of the source code did make it much easier to figure out why that was happening, and stop the vulnerability before it became widely promulgated. Much of that could have been accomplished if xz wasn't open, but it would have taken longer.

2. Choice / 3. Distro-hopping

I think what Matt is saying here is that we don't really need all of the choices that we have, that all the Linux distros are more-or-less the same at the end of the day.

I think it depends a lot on what you're looking at. If Wayland, for example is giving you heartburn for whatever reason, a distro that's wayland-heavy is going to be a bummer. But most end users wouldn't be able to tell you whether they were running Gnome/KDE on Wayland or X11. Also, I do run OpenBSD on one of my laptops (just to have something different and to be able to enjoy learning a different system), but when I'm just interacting with neovim on i3wm, does it FEEL all that different than using a Debian box? Perhaps not.

Also, I think I'll go a step further than Matt to say that we really don't need yet another re-skinned "distro" that just packages Arch or Ubuntu and slaps a custom theme on it. I mean, he didn't say those words, but I think he was probably thinking something along those lines. ;)

4. Security

If had been asked 20 years ago, I would absolutely have said the Linux is more secure than Windows (and I did, on many occasions). Windows had a huge black eye in the security scene in the "naughties." Nowadays? I think it's honestly a toss-up. Linux is not a security-oriented operating system, although there are definitely very advanced security mechanisms that can be used. Security is not a top priority for Linus, and he has made his opinion on the subject pretty clear. I'm not saying it's insecure, but it's all pretty relative.

Matt mentions "security through obscurity", which I think is an interesting term to use. I think the way he uses the term is valid because "Obscurity" in English can either refer to not being well known, or to something that is purposefully hidden. In the infosec field, however, "Security through Obscurity" technically refers to wilful obscuring of details to prevent disclosure. In that sense, Windows has (and likely still does) use Security through Obscurity by not disclosing its inner workings, rather than Linux having Security through Obscurity by virtue of not being as popular. Again, his use of the term is technically correct in the English language, but not technically correct in the security field, as far as I understand it.

As far as what the most secure OS in the world is, I suppose it's the OS that's running on an air-gapped server, guarded by a cult of rabid, homicidal ninjas that swore an oath to never let a living being near it. Or perhaps it's the OS running on a server with a nuclear bomb strapped to it, 1 microsecond after the bomb goes off. The most secure computer is one that no one can touch, that isn't connected to anything, and can't have anything done to it. So basically, a brick. ;)

5. Rolling releases

Honestly, I think staggered releases (every 6 months or so) is the best of both worlds. I'd so love it if Debian could switch to that, but I know that would be a lot more work for the volunteers to do. While I love Debian, having packages over 2 years old (right before a new stable release) is pretty rough, and makes some things difficult to do, when even some programming languages are too old to even compile some programs from source.

6. AUR

The AUR is a good "Ports"-style system, although I have trust issues with user-submitted build scripts. When you look at Arch's package repo, it actually has far fewer packages than Debian (15,000 vs. 50,000). The AUR has far more (90,000), but they aren't vetted. I know nearly everyone on Arch or Arch-derived (I know, "boo, hiss!") distros uses the AUR (and I did as well when I was using a derivative), but I always tried to read the build scripts and at the very least check all of the URLs within them.

7. Firefox

To me, the thing with Firefox is that it is pretty much the only "modern" browser that I consider ethically okay to use. Anything based on Chrome / Chromium / Blink is out of the question for me, because then you're voting with your User Agent and basically saying that Google's hegemony over the web is okay, which is seriously not cool.

Of course, by "modern" I'm specifically referring to the ability to use most popular commercial websites, which I'd rather not care about, but a guy's gotta eat. If it wasn't for webshites like amazon, ebay, financial institutions, and the like, I'd be ecstatic to just use browsers like w3m, chawan, XLinks, dillo, and perhaps Ladybird.

Dropping all humorous pretense of angry criticism because I actually am being critical on this point: considering geegaw features like (I guess) vertical tabs and A.I. (whatever that actually is) as more important than essential freedoms (community control over web standards, no tracking, proper ad blocking) is how we got here, y'all. So maybe don't do that. Please. :D

Just for clarity, Chromium (the basis of Chrome) is also Open Source (very nearly as open as Firefox is — IANAL, but the licensing terms seem fairly comparable). Firefox isn't better than Chrome because it's more Open Source than it (it's only a little more open than Chrome, and arguably not any more open than Chromium). Firefox is better than Chrome because it isn't used by a trillion-dollar corporation to strong-arm web standards for maximum profit.

8. Suckless.org

I think my defense of suckless would be to decouple the suckless design/user methodology from the suckless programming methodology. I agree with Matt that suckless' tools by default are kind of unusable, for the most part. I recently discovered sent, which is an excellent X11 presentations application that uses dead-simple plain text as its presentation format. I first used it on OpenBSD without realizing that the version packaged for OpenBSD had a couple of patches applied. When I used it on Debian, I couldn't set the text colors. What?? Oh, that's a patch. <facepalm>

I also love nsxiv, which I always thought was a suckless tool, but it's actually just a tool inspired by the suckless utilities, not created by them. And it shows, because it's actually usable! 😄

But I'm still a fan of suckless, and I don't agree that adding all the packages would make the suckless tools as bloated as anything else. I just wish they weren't quite as extreme with their minimalism at times. ;)

I took Matt's statement that applying all the patches you needed to make dwm function would make it the size of qtile in terms of source lines of code a little too seriously, and I started to try to download ALL of the patches. An hour of downloading later, I was about half-way through the list (I probably should have scripted that, lol), and it amounted to 23k SLOC of patches alone, on top of the 2500 SLOC for dwm itself. Qtile weighs in at about 56k SLOC, so I guess if you need a LOT of patches to make dwm usable, then Matt is correct.

Man, sometimes being a pedant is exhausting.

100 Days to Offload 2025 - Day 13

Category: Humor Tagged: 100DaysToOffload ADHD Computing Entertainment Ethics FOSS (Free and Open Source Software) Humor Non-religious post Polemic Social Media UNIX