- Dec 3, 2018
- 63
If you want everything and the kitchen sink, especially for editing videos and other media, I would recommend Ubuntu Studio.
Which Linux OS best for everyday work?
- Thread starter Captain Awesome
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Dec 12, 2016
- 1,758
Good to hear you like fedora but it's not surprising as some of the greatest devs including the god of Linux Linus Torvalds use it as a daily driverI disagree with @Vitali Ortzi in terms of practical use of Fedora Silverblue -- I find it a little harder to work with as its system is "immutable" but it gets updates almost every day anyway. I agree with comment re Zorin and I think MX-Linux with xfce4 is also an easy move from windows. I'm getting comfy in linux again and I now prefer fedora workstation 41 w/Gnome. (fwiw)
- Dec 12, 2016
- 1,758
Anyway you can just install the stuff you need to any distribution
I would say UI is more important then a distribution as the common ones are all great (although some better for specific usage)
- Apr 16, 2017
- 2,840
I have Debian with Gnome too. Like it. Gnome maybe takes a more time getting use to than xfce4 imo. (practically speaking re Silverblue what seems like a simple update can take much longer than you'd expect as it writes its various layers (I only vaguely understand its immutability -- good thing I'm retired -- I go watch a movie while it updates
)
- Dec 12, 2016
- 1,758
If you have more time to waste as a new Linux guyI have Debian with Gnome too. Like it. Gnome maybe takes a more time getting use to than xfce4 imo. (practically speaking re Silverblue what seems like a simple update can take much longer than you'd expect as it writes its various layers (I only vaguely understand its immutability -- good thing I'm retired -- I go watch a movie while it updates
You can try kde too it's the most rich desktop environment
Btw about Linux updates taking a while well it literally compiles everything and sometimes stuff will break (that's why many Linux users just don't update and pretend cves , malware doesn't exist to comfort them )
- Apr 16, 2017
- 2,840
I did use KDE in more distant past, for me two DE are enough for now. I thought I'd already have the need to try another distro perhaps with KDE but not feeling the need to leave fedora or silverblue, lately I bounce back and forth between those 2, both with gnome.
- Dec 3, 2018
- 63
I agree, but if you want everything and the kitchen sink, it's not a bad option.
I also enjoy Fedora Silverblue. Acclimating yourself to ostree is the only major hurdle.
Not that I would recommend something I have not tried myself, but I have heard good things about OpenSuse's MicroOs/Aeon as of late.
- Apr 16, 2017
- 2,840
I was exaggerating to some degree, but rpm-ostree is a hurdle, and even when you understand it, it continues to be a "hurdle" every day (from someone who likes silverblue but for sure it is not for everyone).
- May 7, 2016
- 1,490
Ltsc is good option.
How? Can you share please. Fedora is winning my trust. After Ubuntu. Thank you.
- May 7, 2016
- 1,490
Fedora is winning my trust. After Ubuntu. Thank you everyone for sharing your experience and knowledge keep spreading it.
- Apr 16, 2017
- 2,840
I have fedora 41, silverblue 41 & Ubuntu and I like / prefer using fedora although it is hard for me to verbalize why. feels good as I hit keystrokes
- Dec 12, 2016
- 1,758
But we could only know for certain if you start cursing Nvidia like TorvaldsLinus Torvalds keyboard is only used with that distro so maybe it's the holy grail of distrosI have fedora 41, silverblue 41 & Ubuntu and I like / prefer using fedora although it is hard for me to verbalize why. feels good as I hit keystrokes
- Oct 3, 2022
- 679
I really like Fedora with it's SELinux. It covers the defenses of daemons. Too bad it doesn't cover the browser, which is a first line directly attackable vector.
- Dec 12, 2016
- 1,758
On windows hitmanpro.alert uses SGX as a Trusted Execution Environment to protect the jit compiler wich is more efficient method then V8 sandbox google is using since it's hardware based
so you can harden the jit compiler with SGX for Linux or use V8 sandbox
About sandboxing whole chromium from the system you can either use bubblewrap or selinux
Unlike consumer distros big companies should have not just further sandboxing then consumer distros but have more exploit mitigations just like windows , Mac , android , chrome wich should force an attacker in most causes to have extra bugs in the exploit chain to escape the sandboxing layers and gain privileges but these are usually depending if he uses memory based exploits as mitigations are primally made against memory based exploitation
But some hackers are just too good like qwertyoruiop who I remember years ago jailbroken the latest iOS at that time without using a single memory corruption based overflow to get root privileges
as long as you aren't hunted by some actual professional hacker then you shouldn't need to further sandbox vectors like browsers other then what fedora does by default and chrome does by default
Most likely malware will get in your system by some malicious git repository you have used and not from exploitation of the browser as thats targeted only by advanced apt
Last edited:
- Apr 16, 2017
- 2,840
I'm sure you know more about selinux and browsers than me. chatgpt either said it's giving me some browser protection or implied that. In Silverblue I have 2 flatpak browers that run in their own containers with selinux but I currently do not recall the name of that "sandbox" Vitali reminded me above "bubblewrap"
Last edited:
- Apr 16, 2017
- 2,840
I cannot curse in Finnish or Swedish whatever his preference, but I can and have screamed curses (English or Spanish) at my beloved computer
- Dec 12, 2016
- 1,758
Flatpack uses bubblewarp but anyway it should be enough as the browser itself is sandboxed
- Apr 4, 2021
- 437
I can't guarantee that's how it works, but that's ChatGPT's advice, I've also paused for updates for two months for now.
- Nov 9, 2022
- 668
When i want to use Linux again, i always end up with Manjaro again, because it works.
- Oct 3, 2022
- 679
firejail does it better. You can use the firefox-common.profile of the Fortified Ubuntu 24.04 hardening.PDF on fortifiedubuntu.org. The profile mentions apparmor, but it will work without it. For example while the SELinux allows firefox to see the whole /etc directory, firejail only allows it to see a limited subset of files. There are many restrictions laid down in that firefox-common.profile.
There should be some additional restrictions when you make your Fedora user account use the user_u SELinux user. But I didn't really investigate. One restriction I know exists for user_u is that that account couldn't sudo. I think SELinux defines 3 kinds of users, and user_u is the lowest ranking one. There is a xguest SELinux user which you should get if you install the xguest package, but that doesn't work on Fedora 40 - the installed Guest account can't login, perhaps it only works in Red Hat.
[EDIT] If you implement user_u, firejail will say there is an existing sandbox and run your program Without any firejail protection.
Last edited:
Similar threads
