A lot of people are saying that a lot of things here aren’t Fedora/Red Hat’s fault. It doesn’t actually matter whose fault it is, does it? Is it user friendly or isn’t it?
2 Likes
Indeed. You can find solutions/workarounds to most problems. But, I am sure that even 1% of people won’t bother to go into the difficult way. I am just a privacy conscious person, so why should I have to spend hours for basic information and configuration?
How many of us really use Fedora or GrapheneOS as daily driver?
My points is switching to Linux is already a difficult choice for an ordinary user, and Fedora makes it more difficult.
I would posit the same question against Ubuntu. My opinion is Ubuntu used to be much more user-friendly before prematurely pushing snaps. Last I checked, the Libreoffice snap has a massive performance penalty compared to native. Firefox and Thunderbird had the same problem, but it has seemingly been mitigated. Now Ubuntu users are left to wonder if snap packages are performing worse than their native counterparts, and choose app by app whether to go native or snap (at least for those apps where they still have a choice). IMO this is a much bigger UX failure than any and all of Fedora’s limitations.
Mint meanwhile may indeed remain a better experience for new users, but the lack of wayland support is a dealbreaker for me.
I do. Both counts.
i daily drive both but i am an IT person. i have never thought of Fedora as not being user friendly, and actually think the only thing easier imo would probably be Ubuntu due to the community and larger user base. i do think it’s by a pretty small margin.
i also think it’s interesting that of all the recommendations on the linux page, Fedora is the one being called into question over user friendliness. Unless YaST really makes up the difference, openSUSE would be even worse due to being far less popular/fewer packages, and Arch…well, it’s not focused on user friendliness, it’s focused on minimalism.
1 Like
For a GNOME modified experience there is the Nobara Official Project based on Fedora Workstation. This could be an option out of the box I guess for a more “user friendly” Gnome.
Last time i checked Nobara disabled secure boot. If you want a similar layout you could just use some extensions.
1 Like
I think still the same. I don’t mind the secure boot disabled and find an interesting project for those that have trouble tweaking Fedora for their likes as an option of pointing to Ubuntu. Nevertheless, is a good heads up.
I’d caution the use of Nobara.
It is an ok Linux distro for newcomers.
Its a great distro for gaming with a lot built-in quality of life features for gaming.
Its not a good distro for privacy and security:
- SecureBoot disabled (for Nvidia GPU users)
- SE Linux is replaced by AppArmor
- Discord sandbox is off (but Discord is not installed by default)
But of course, it is still better than Windows.
As for the first point. Nvidia has always been a mess and even with “normal” distros you still need to enroll your own key. So I don’t think it’s really a con
2 Likes
IMO the main downside to Nobara is it gets slower updates than Fedora, now that it snapshots Fedora instead of pulling directly from their repos. My concern is delayed access to security updates. For example, my Nobara machine only today got the bluez and qemu updates Fedora shipped a few days ago to address CVEs.
There is little reason to use offshoots on desktop imo. If you want Fedora use Fedora, if you want Arch use Arch, etc.
I would argue there’s still a benefit even if it’s a self-signed key after you install the Nvidia driver, since you’re still getting enforcement against any other new kernel components getting added without your knowledge.
The creator of Nobara does awesome work, I just couldn’t see basing the entire OS installation - including custom kernel patches - on work that’s only really being done and reviewed by a single individual / by an extremely small group.
3 Likes
Not necessarily, off-shoot Ubuntu is fine
@KDEBacon
ah, yea spins of Fedora or Ubuntu are almost always kept in sync and are fine
This is the real problem. I’m not sure for how long Eggroll will continue around working on this. I like that certain things were made to mitigate some controversy around Fedora, such as the recent talk about Telemetry. He was clear that it wouldn’t be included in Nobara.
1 Like
Secure Boot does not even come supported out of the box in Qubes.
" Is Secure Boot supported?
UEFI Secure Boot is not supported out of the box as UEFI support in Xen is very basic. Arguably secure boot reliance on UEFI integrity is not the best design. The relevant binaries (shim.efi, xen.efi, kernel / initramfs) are not signed by the Qubes Team and secure boot has not been tested."
You do know secure boot it’s just something made for Windows?
@Voilable
Secure Boot is a general UEFI standard, it is not Windows specific.
It isn’t the most robust, but has some benefits.
It should be noted that Qubes not supporting Secure Boot isn’t really a downside as it has its own more robust implementation: Anti evil maid (AEM) | Qubes OS
Intel TXT is pretty rad, it effectively turns the host OS into its own domain and runs the verification in another distinct domain iirc.
3 Likes
And yea UEFI it’s faster and works less with Linux so, I got my point.
I think you are (unintentionally) restating really out of date misinformation.
Nearly every major linux distro supports (and recognizes the value of) Securing the boot process, and every other major operating system (iOS, Macos, Windows, Android) has implemented some version of secured/verified boot.
A very short and non-exhaustive list of people and projects within Linux that have acknowledged the value of securing the boot process are:
- Linus Torvalds (and other Kernel developers like Matthew Garrett)
- All the major enterprise/security focused distros (including Red Hat, Ubuntu, OpenSUSE)
- Major community distros (including Debian, Arch, and Fedora)
- Even Richard Stallman and the FSF–who are about as anti-microsoft as they come–has acknowledged the potential security benefits of securing the boot process.
The idea that this is some Microsoft scheme to control people / shut out competition from Linux (a popular theory 10 years ago in Linux circles) proved not to be the case, and at this point is just misinformation. The Debian Wiki says it better (and has more credibility) than I do:
What is UEFI Secure Boot?
UEFI Secure Boot (SB) is a verification mechanism for ensuring that code launched by a computer’s UEFI firmware is trusted. It is designed to protect a system against malicious code being loaded and executed early in the boot process, before the operating system has been loaded.
What is UEFI Secure Boot NOT?
UEFI Secure Boot is not an attempt by Microsoft to lock Linux out of the PC market here; SB is a security measure to protect against malware during early system boot. Microsoft act as a Certification Authority (CA) for SB, and they will sign programs on behalf of other trusted organisations so that their programs will also run. There are certain identification requirements that organisations have to meet here, and code has to be audited for safety. But these are not too difficult to achieve.
SB is also not meant to lock users out of controlling their own systems. Users can enroll extra keys into the system, allowing them to sign programs for their own systems. Many SB-enabled systems also allow users to remove the platform-provided keys altogether, forcing the firmware to only trust user-signed binaries.
9 Likes