I see most people use usb pendrives to install Linux distros, but I still use dvd’s. Specially if you are going to do full disk encryption during the install where I feel like the keys could be exposed into the usb pendrive somehow through some crazy exploit, or if you want to use something like Tails to access encrypted data with and you don’t want things out of the encrypted volume in any step (including things going into the usb pendrive). So basically, my thesis is, okay you can write stuff on an usb pendrive, so why would you go and use a device in which data can be written? why not just use a good ol dvd, which even if rewritable, you can lock the session and that’s it? Isn’t it better to rely on dvd’s for this? Maybe this is nonsense and it’s physically impossible that data is written on an usb pendrive or maybe im a visionary when some crazy exploit from mars is found in which data could leak into the usb pendrive and those using dvd’s were protected from it.
It’s possible to use a DVD! Nobody is stopping you from doing that. You have your preferences and that is okay. Don’t call yourself crazy.
However, there are several usage cases where write access is needed. For example, some people may want an encrypted persistence instance and use Tails as a daily driver. Others may want to update the Tails USB directly instead of creating a new DVD for every update. There is also the fact that DVDs and optical drives are not commonly available nowadays. You have to seek those out yourself.
Have you consider using a USB key with a write switch protect or an nvme enclosure with read 0nly option (aka write switch protect) ?
I have read that they are not as safe as DVD-R, but some newer laptop cannot boot from external DVD-drive.
I agree that DVD-R is the more secure choice for operating system installation. I like to know that I have downloaded the .ISO, verified the hash, written the DVD-R (disc-at-once), verified the DVD-R matches the .ISO, and using a Sharpie hand printed the contents on the face of the disc. I use the same DVD-R a dozen or more times installing various systems around the house.
Admittedly, installing an OS from a USB flash drive is faster, but it feels wrong to me. Unless that (unencrypted) USB flash drive is in my possession 24/7, I do not trust what is on it.
Yeah, I didn’t but I supposed there should be some pendrives wit switches similar to back then floppy disks had the write only thing in the corners, well the thing is, you may accidentally forget to turn the switch in read only. This cannot happen with a dvd. Also, who knows if the usb is doing what the switch says, it may break and not activate (not sure how that mechanism works)
So im not the only one. Do you not trust even DVD-RW’s? if you can rewrite stuff, you don’t need to keep a bunch. For instance, if debian updates to Debian 14, I will just rewrite on top of Debian 13 one, or whatever one I have available. To verify everything is as intended, I use whatever verification process CdburnerXP uses (its the software I use to burn stuff on a Windows machine.. which is very lame, but I don’t know what software to use on linux to burn DVDs, if you know one let me know). With the SHA256 verification of the ISO+verification that the disk was properly written, it should be good (as well as PGP verification of the ISO files if provided)
The only valid critique I’ve seen for using DVDs is that.. what if the DVD you are using has a scratch or something, and modifies the contents? then your OS may have some corrupted files potentially. This is the problem of optical media.
I have been using optical media for almost thirty years, and I have found it to be very reliable. If you are careful, it should not get scratched. Inexpensive paper sleeves are better than nothing for protection.
Until recently, I used DVD-RW to keep offline copies of monthly backups of the home folder; however, because of size constraints, I switched to BD-RE. This is one of the many media types I use for backups, and the process has worked well for years.
For computer restoration (disaster recovery) purposes, I keep one copy on DVD-R of each operating system I install. For me, DVD-RW would not buy me anything, and there is the risk that a bad actor could erase and rewrite the DVD-RW with a compromised installer. A ten cent DVD-R with my handwriting on it leads me to think this is safer than DVD-RW.
Flash media is subject to degradation (bit rot) if the media is not powered regularly. I have read that this can begin after approximately a month of non use, but it is much more pronounced after a year.
On Linux Mint, CDRTools burns every media format I have tried, including audio CD-R, data type CD-R, DVD-R, DVD-RW, BD-R and BD-RE:
To store things more frequently on BD-RE, what program do you use and how?
I have not used optical media to store things for years. I only typically will only burn iso images. To store data, it’s just regular SSD or HDD (HDD are better for long term if not used as you mentioned).
The thing is, to do this type of “non-finalized” thing for optical media, I used a windows progrma back then called DirectCD or something like that, where I would store all sort of stuff, like downloaded maps for games, documents, anything I could find that I wanted to keep. I didn’t even knew how it worked, but looks like the idea was that the session was not finalized, and somehow allowed you to use the CD as if it was a folder, so it was like having a 650MB disc which was cool. But I think this was prone to errors, I think I had some problems with this method eventually. Then as bigger HDDs arrived, I didn’t need to do that anymore.
Also, I wouldn’t store my /home/ folder unencrypted, so I would need to place veracrypt volumes in there for example, if I wanted to store things there.
I assume you are doing something like this with the BD-RE’s. Or do you actually burn the contents of the BD, finish the BD session thing, and then when you need to update it, erase it and burn it updated? Doesn’t all this constant erasing and burning damage the disks?
Supposedly, BD-RE can be rewritten a thousand times. I have eleven monthly BD-RE discs that I use, and each disc would be rewritten once a year. They should out last me. On the twelfth month, I write a BD-R and keep it permanently.
I use “duplicity” to back up, compress, and encrypt the necessary folder(s), and then I copy the “duplicity” files to “~/ISO”.
I use “mkisofs” to create an ISO of the contents of “~/ISO”, and then I use “growisofs” to erase the BD-RE and write the new .ISO.
### Create an .ISO of the files:
mkisofs -V "Documents_10" -J -r -iso-level 3 -quiet -o disc.iso ./ISO
### Determine the optical drive device names, and these will may need to be updated in the following lines, for example, "sr1":
lsscsi
### Erase (overwrite with zeroes) a BD-RE:
time growisofs -Z /dev/sr1=/dev/zero ; sleep 2 ; eject /dev/sr1
### Write an .ISO to BD-RE, calculate the hash of the .ISO, and finally calculate the hash of the written disc for comparison:
device=sr1 && growisofs -speed=4 -dvd-compat -Z /dev/$device=disc.iso && blocks=$(expr $(du -b disc.iso | awk '{print $1}') / 2048) && sleep 32 && eject -t /dev/$device && echo "For ISO calculating hash..." && sleep 20 && md5sum disc.iso && echo "For disc calculating hash..." && dd if=/dev/$device bs=2048 count=$blocks | md5sum && eject /dev/$device
I do not use multi-session writing, but you may find the information you need at the Arch Wiki:
Turns out I had a dvd tool installed in Debian called “Brasero”. I tried erasing (here called blanking) the Debian dvd and it failed.. im trying with cdburnerxp on windows on my desktop and it started erasing. So it’s either the software or the dvd drive on my laptop is busted. I have a nice blueray on the desktop but this one is like 15+years, it came with the laptop so maybe I should change it.
In my experience, the Pioneer Blu-ray drives are the most reliable.
Something I don’t like about using optical drives is how noisy they are. Like why do they have to sound like an engine sometimes? And it looks like depending on the dvd it’s more or less noisy. I understand the “click click clack click” noises from when it’s reading contents specially at the beginning when you are for example loading an OS, but it’s that insane car engine sound that sometimes does like it’s exaggerated sometimes. And my drive isn’t some cheapo one or at least I think so. Maybe I should try to find some sort of optical drive tests to guarantee it’s working normally.
The loud ‘whirring’ noises of optical drives is usually directly attributed to the disc itself.