IgnorantGuru's Blog

Linux software, news, and tips

My Move From Arch To Aptosid

I recently moved over to Aptosid, and after a few days of using it I think it’s going to be a keeper as a replacement for Arch. While it’s fresh in my mind, I thought I would share my experience of moving – from the perspective of someone who has used Arch Linux for a couple of years. I’ll give a little background, then a brief summary, then some real details on how I got some things to work.

Background

I wanted to move from Arch Linux for these primary reasons:

  • Lack of package signing and general concerns with the Arch devs’ lax security practices and attitudes (link1 link2 link3)
  • Dislike for how the Arch devs regard their users and contributors

The reasons I was reluctant to give up Arch:

  • Rolling release which I prefer over periodic large upgrades
  • Package availability and the extended AUR user-contributed repository that makes installing most software very easy
  • Ability to have a custom, lightweight, fast system without unnecessary baggage and with mostly vanilla software

My first distro was SUSE, which became a little too corporate, then Kubuntu, which I eventually found too heavily modded. When I moved to Arch, I dropped KDE and set up a minimal Openbox desktop with light, fast apps. My main system has a dual-core CPU and 2G memory, but I find running a light desktop with no swap file gives me a very responsive system that can keep up with my usual multitasking – it waits for me instead of me waiting for it. And my netbook of course runs better too. So I was shopping for a distro where I could set this up without having to remove too much.

I also gave FreeBSD and Gentoo a try, which you can read about here. FreeBSD had trouble supporting my hardware fully, and Gentoo required a lot of tweaking, and also had some security issues. I skipped testing Slackware for now because official packages seemed lacking, and I skipped Gnuffy because it inherits most of the problems of Arch. Then I tried Aptosid.

Enter Aptosid

Aptosid, made by the same developers that created the popular distro Sidux, is a rolling release distro based on Debian’s unstable “sid” branch, with some hot-fixes and scripts added to make it more stable and ready-to-run. Being a Debian system, the user has access to the huge Debian package repos. And I like their attitude, as encapsulated in the Debian Social Contract: “We will be guided by the needs of our users and the free software community.”

Aptosid does not offer a minimal CLI-only install like Arch. There are various ways to install it – generally one of their live ISOs is used (KDE full or lite, XFCE, and coming soon LXDE). I went with their XFCE version: aptosid-2011-01-geras-xfce-amd64 ISO.

After using Arch for so long, the installer caught me by surprise – I felt pampered and spoiled. First, I was expecting a text installer, and instead it booted rapidly and flawlessly into a full and attractive XFCE desktop. There was immediately a feeling of quality – I’ve never seen a live CD boot so fast and flawlessly on my home-made hardware. The GUI installer was very simple with just a few options. The only thing I would change is that it didn’t allow me to select no grub install (I wanted to handle that myself). So I told it to install grub to one of my non-boot drives just to avoid overwriting my boot drive’s MBR. Other than that it was a breeze – not bad for a 435MB ISO!

I then booted into the installed system, which also booted fast and flawlessly, picking up all the hardware without a single miss. The included gdm login manager brought me into an XFCE desktop much like the live version. I was impressed and was definitely enjoying being spoiled like this. The desktop was definitely usable as it was, and I don’t say that about many distros – normally I rip out the carpeting and start remodeling immediately. XFCE was looking the best I’ve seen it, with nice fonts and colors. And the included apps were very sane and useful. Ice Weasel (Firefox) was already in there, and I was online without having to configure a thing. I actually had to stop and consider what I wanted to do next, because I wasn’t expecting to be this far for at least a day! I opened a terminal to see what was running…

Default install processes:

UID    CMD    
root    init [5]   
root    [kthreadd]    
root    [ksoftirqd/0]    
root    [migration/0]    
root    [migration/1]    
root    [kworker/1:0]    
root    [ksoftirqd/1]    
root    [kworker/0:1]    
root    [cpuset]    
root    [khelper]    
root    [netns]    
root    [sync_supers]    
root    [bdi-default]    
root    [kintegrityd]    
root    [kblockd]    
root    [kacpid]    
root    [kacpi_notify]    
root    [kacpi_hotplug]    
root    [kseriod]    
root    [kworker/1:1]    
root    [kswapd0]    
root    [ksmd]    
root    [fsnotify_mark]    
root    [aio]    
root    [crypto]    
root    [khubd]    
root    [ata_sff]    
root    [scsi_eh_0]    
root    [scsi_eh_1]    
root    [scsi_eh_2]    
root    [scsi_eh_3]    
root    [scsi_eh_4]    
root    [scsi_eh_5]    
root    [scsi_eh_6]    
root    [scsi_eh_7]    
root    [kworker/u:5]    
root    [kworker/u:6]    
root    [usbhid_resumer]    
root    [kstriped]    
root    [kjournald]    
root    udevd --daemon   
root    udevd --daemon   
root    udevd --daemon   
root    [kpsmoused]    
root    [kworker/0:2]    
root    [hd-audio0]    
daemon  /sbin/portmap    
root    /usr/sbin/rsyslogd -c4   
root    /usr/sbin/irqbalance    
root    /usr/sbin/anacron -s   
user    /usr/sbin/famd -T 0  
root    /usr/sbin/gpm -m /dev/input/mice -t exps2
101     /usr/bin/dbus-daemon --system   
root    /usr/sbin/cron    
root    /usr/sbin/acpid    
root    [kondemand]    
root    /usr/sbin/bluetoothd    
root    [kconservative]    
root    /usr/sbin/cupsd -C /etc/cups/cupsd.conf  
103     /usr/sbin/hald    
root    hald-runner    
root    [l2cap]    
root    [krfcommd]    
root    hald-addon-input: Listening on /dev/input/event4... 
root    /usr/lib/hal/hald-addon-cpufreq    
103     hald-addon-acpi: listening on acpid socket
root    hald-addon-storage: polling /dev/sr0 (every 2
root    hald-addon-storage: no polling on /dev/fd0...
root    /usr/sbin/gdm    
root    /usr/sbin/gdm    
root    /usr/bin/X :0 -audit 0 -auth
root    /sbin/getty 38400 tty1  
root    /sbin/getty 38400 tty2  
root    /sbin/getty 38400 tty3  
root    /sbin/getty 38400 tty4  
root    /sbin/getty 38400 tty5  
root    /sbin/getty 38400 tty6  
root    dhclient -v -pf /var/run/dhclient.eth0.pid -lf
root    [flush-8:0]    
root    [kauditd]    
root    /usr/sbin/console-kit-daemon --no-daemon   
user    /bin/sh /etc/xdg/xfce4/xinitrc -- /etc/X11/xinit/xserverrc 
user    /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session startxfce4 
user    /usr/bin/dbus-launch --exit-with-session startxfce4  
user    /usr/bin/dbus-daemon --fork --print-pid 5 --print-address
user    /usr/bin/xfce4-session    
user    /usr/lib/xfconf/xfconfd    
user    xfsettingsd    
user    xfwm4    
user    xfce4-panel    
user    Thunar --daemon   
user    xfdesktop    
user    /usr/lib/xfce4/panel-plugins/xfce4-menu-plugin socket_id 14680095 name xfce4-menu
user    /usr/lib/gvfs/gvfsd    
user    xfce4-settings-helper    
user    xfce4-terminal    
user    gnome-pty-helper    
user    bash    
root    su    
root    bash    

 

Not bad at all – nice and lightweight. The first bonus I found was that I had a great little XFCE system already running, from which to build my openbox setup. I figured once I had that running I could remove whatever I didn’t want. This meant that I had a working browser to research the install and any problems, configured terminal, editor, etc.

As I began working on the system’s internals, I definitely had the impression that this was something someone took some time to put together well. It had a refined quality to it. I also noticed attention to security details – lots of little and not-so-little settings and refinements that I wasn’t used to seeing in Arch’s default configurations. Debian packages are definitely put together carefully and well configured. At the same time Aptosid’s packages tend to be more vanilla and cutting edge than Debian proper.

Probably the biggest differences from Arch are the runlevels and init system. But I was used to this from Ubuntu, so I dug out my old notes, and I found that my experience with Arch put me in a good position to know what was happening and what to adjust to my liking. Most of it worked as is, and worked well.

Once I installed openbox (apt-get install openbox), I was immediately able to select openbox as my session and I was into the usual plain gray openbox desktop – nothing to it. Here’s what was running in the openbox session – even less:

Default Openbox session processes:

UID    CMD    
root    init [5]   
root    [kthreadd]    
root    [ksoftirqd/0]    
root    [migration/0]    
root    [migration/1]    
root    [kworker/1:0]    
root    [ksoftirqd/1]    
root    [kworker/0:1]    
root    [cpuset]    
root    [khelper]    
root    [netns]    
root    [sync_supers]    
root    [bdi-default]    
root    [kintegrityd]    
root    [kblockd]    
root    [kacpid]    
root    [kacpi_notify]    
root    [kacpi_hotplug]    
root    [kseriod]    
root    [kworker/1:1]    
root    [kswapd0]    
root    [ksmd]    
root    [fsnotify_mark]    
root    [aio]    
root    [crypto]    
root    [khubd]    
root    [ata_sff]    
root    [scsi_eh_0]    
root    [scsi_eh_1]    
root    [scsi_eh_2]    
root    [scsi_eh_3]    
root    [scsi_eh_4]    
root    [scsi_eh_5]    
root    [scsi_eh_6]    
root    [scsi_eh_7]    
root    [kworker/u:5]    
root    [kworker/u:6]    
root    [usbhid_resumer]    
root    [kstriped]    
root    [kjournald]    
root    udevd --daemon   
root    udevd --daemon   
root    udevd --daemon   
root    [kpsmoused]    
root    [kworker/0:2]    
root    [hd-audio0]    
daemon  /sbin/portmap    
root    /usr/sbin/rsyslogd -c4   
root    /usr/sbin/irqbalance    
root    /usr/sbin/famd -T 0  
root    /usr/sbin/gpm -m /dev/input/mice -t exps2
101     /usr/bin/dbus-daemon --system   
root    /usr/sbin/cron    
root    /usr/sbin/acpid    
root    [kondemand]    
root    /usr/sbin/bluetoothd    
root    [kconservative]    
root    /usr/sbin/cupsd -C /etc/cups/cupsd.conf  
103     /usr/sbin/hald    
root    hald-runner    
root    [l2cap]    
root    [krfcommd]    
root    hald-addon-input: Listening on /dev/input/event4 /dev/input/event2
root    /usr/lib/hal/hald-addon-cpufreq    
103     hald-addon-acpi: listening on acpid socket
root    hald-addon-storage: polling /dev/sr0 (every 2
root    hald-addon-storage: no polling on /dev/fd0...
root    /usr/sbin/gdm    
root    /usr/sbin/gdm    
root    /sbin/getty 38400 tty1  
root    /sbin/getty 38400 tty2  
root    /sbin/getty 38400 tty3  
root    /sbin/getty 38400 tty4  
root    /sbin/getty 38400 tty5  
root    /sbin/getty 38400 tty6  
root    dhclient -v -pf /var/run/dhclient.eth0.pid -lf
root    [flush-8:0]    
root    [kauditd]    
root    /usr/sbin/console-kit-daemon --no-daemon   
root    /usr/bin/X :0 -audit 0 -auth
user    /usr/bin/openbox    
user    /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session openbox-session 
user    /usr/bin/dbus-launch --exit-with-session openbox-session  
user    /usr/bin/dbus-daemon --fork --print-pid 5 --print-address
user    /usr/bin/xfce4-terminal    
user    /usr/lib/gvfs/gvfsd    
user    gnome-pty-helper    
user    bash    
root    su    
root    bash    

 
I then did a full upgrade. The devs recommend you always use apt-get directly. GUI apps like Synaptic can be used to search and explore the system, but they don’t handle Aptosid’s rolling release mechanisms. For a full system upgrade, they ask that you exit X and switch to runlevel 3 for the install. First I downloaded required packages while still in X:

apt-get update
apt-get dist-upgrade -d  # download but don't install yet

Then I exited X and:

init 3
apt-get dist-upgrade
apt-get clean
# and a reboot (or you can "init 5" to return to X)

 
Next I installed my printer, which is sometimes a hassle. Only things to resolve were getting the right 32-bit libraries for the driver and a little problem with scanning as a normal user – solutions for Debian on the Brother website worked. Then I installed the Nvidia proprietary driver – needed for the TV-Out on my card instead of nouveau.

With those working, I felt confident that I would be using Aptosid for good. I disabled gdm and set the system up to go straight into Openbox, and got into configuring it, turning off some unneeded daemons, etc. (details below).

Installing additional software is a breeze with apt-get, and the packages are PGP signed. I was happy to find that every single piece of software I wanted was in the repos, including a handful that had been in Arch’s AUR. And I carefully removed a few things, although I found the default XFCE components were small and reasonable, so I left a lot of it be – never hurts to have alternate apps available.

Moving my home folder from Arch left all my software configured – it all worked perfectly – no adjustments to the home folder were required.

When all was done, my system used 3.33GB, compared to 3.88GB on Arch, which surprised me. Same software plus the XFCE stuff I didn’t have on Arch came out smaller! Part of the explanation could be the fact that Aptosid offers split packages for LibreOffice, so I only installed writer and calc.

The system has been running well for several days – thus far it is very stable and fast. In general I’m very impressed with how much I was able to accomplish with relatively little effort.

Like Arch, Aptosid is cutting edge, so occasional breakage is the norm. On my most recent dist upgrade the nvidia kernel source build gave an error, so I stuck with the previous kernel. This is a known issue having to do with Nvidia not keeping up, and the Aptosid devs recommended just using the prior kernel for the time being. Someone also posted an easy fix for the source, but I haven’t tried that. That is the only unresolved issue I have at this point. Looking at and using my desktop, I wouldn’t even know I changed distros.

The main difference is with Arch you install software and configure it, whereas with Aptosid the software is more carefully configured, but you may want to trim back some things. With the lighter components I used this was very minimal, and I actually appreciated using a configuration that had some work already put into it. Aptosid seems nicely positioned between the bare minimum of Arch and the overdone complexity of Ubuntu.

So based on a few days’ worth of experiences, I definitely am liking Aptosid, which I find to be an interesting mix of concepts. It’s rolling release and ‘unstable’, yet polished and refined, and quite stable for use (thus far, and from what I’ve read). It’s a small distro, yet can take advantage of the huge repos and issue support of Debian (many solutions to problems are on Debian forums, and I still use the Arch Wiki as well – much of the content is generic). And the packages seem to be sanely configured with an emphasis on security. Nice job Aptosid!

Nitty Gritty

Below are my detailed and commented install notes, which show how I resolved a few problems and got things working the way I wanted.

# INSTALL NOTES FOR aptosid-2011-01-geras-xfce-amd64-201102051540

apt-get update

# disabled swap in fstab

# install openbox and some basic apps
apt-get install nano openbox geany

# Disable gvfs daemon (disabling it this way will cause it to come back
# on an update, so I will look for a better solution)
mv /usr/share/dbus-1/services/gvfs-daemon.service \
   /usr/share/dbus-1/services/gvfs-daemon.service-disabled
mv /usr/share/dbus-1/services/gvfs-metadata.service \
   /usr/share/dbus-1/services/gvfs-metadata.service-disabled

# Disable password agents
sed -i 's/^use-ssh-agent[[:blank:]]*/#use-ssh-agent/' /etc/X11/Xsession.options

# Remove insane syntax highlighting in nano
sed -i 's/^\(include .*\)/#\1/' /etc/nanorc  # fix colors

# Add some items to /etc/sysctl.conf:
    # Disable the magic-sysrq key (console security issues)
    kernel.sysrq = 0

    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1

    # Reduce disk activity for SSD to 240 seconds
    vm.dirty_ratio = 40
    vm.dirty_background_ratio = 1
    vm.dirty_writeback_centisecs = 24000

# Add to rc.local for SSD:
    # Set sda to use deadline scheduler
    echo deadline > /sys/block/sda/queue/scheduler
    echo 1 > /sys/block/sda/queue/iosched/fifo_batch

# Install some more software
apt-get install amule amule-utils asunder chkrootkit clamav claws-mail \
claws-mail-trayicon crystalcursors deluge-gtk dnsutils dosfstools file-roller \
flashplugin-nonfree fsarchiver geeqie gftp-gtk ghex gimp gtk2-engines imagemagick \
inotify-tools jhead ktsuss leafpad libgd2-xpm-dev libreoffice-calc \
libreoffice-writer lxpanel mencoder mozilla-plugin-vlc mpg123 netcat-openbsd \
partimage pcal pdnsd pianobar pidgin rdate roxterm secure-delete shell-fm \
smplayer smplayer-themes speedcrunch sqlite3 stunnel sun-java6-jre synaptic \
tango-icon-theme ttf-mscorefonts-installer unetbootin unrar uuid-runtime vlc \
x11-apps xdiskusage xpad xscreensaver xterm

# Setup my Brother MFC-7420 Laser Printer/Scanner:

    # add user to lpadmin group so user password can configure cups
    gpasswd -a user lpadmin

    # Install the drivers (some errors below are normal)
    apt-get install ia32-libs 
    dpkg -i --force-all --force-architecture brmfc7420lpr-2.0.1-1.i386.deb
    mkdir /usr/share/cups/model/
    dpkg -i --force-all --force-architecture cupswrapperMFC7420-2.0.1-2.i386.deb
    ln -s /usr/lib/libbrcomplpr2.so /usr/lib32/libbrcomplpr2.so
    dpkg -i brscan2-0.2.4-0.amd64.deb

    # Visit http://localhost:631 to admin cups

    # Let users in group scanner use scanner:
    nano /etc/udev/rules.d/z60_libsane.rules  # creates file, add:
        # Brother
        SYSFS{idVendor}=="04f9", MODE="0666", GROUP="scanner", ENV{libsane_matched}="yes"

    # Fix printer margins for newer cups:
    nano /usr/local/Brother/inf/brMFC7420rc  # change:
        PaperType=Letter

# Video Card Setup
    # first edit /etc/apt/sources.list.d/debian.list to include unstable non-free
    apt-get update
    apt-get install nvidia-kernel-source nvidia-kernel-common dmakms
    echo nvidia-kernel-source >> /etc/default/dmakms
    m-a a-i nvidia-kernel-source
    apt-get install nvidia-glx
    # REBOOT
    # Manual Notes:
    #    # When xorg updates you only need to reinstall nvidia-glx:
    #        apt-get install --reinstall nvidia-glx
    #    # When the nvidia-kernel-source is updated:
    #        m-a a-i nvidia-kernel-source
    #        apt-get install --reinstall nvidia-glx

# Disable gdm:
update-rc.d gdm disable

# Add another user
useradd -s /bin/bash -m -u 1001 extrauser
usermod -a -G cdrom,audio,video,users extrauser  # group list first, then the login name

# Build pcmanfm-mod without hal support (hal is running on aptosid but I don't
# use the pcmanfm-mod volume management).  (Aptosid uses fam by default and this
# seems to work better than gamin did in Arch.)
apt-get install intltool pkg-config libgtk2.0-dev libstartup-notification0-dev libfam-dev
# skip install of: libhal-storage-dev libhal-dev
# unpack pcmanfm-mod tarball
./configure --disable-hal --prefix=/usr  # HAL support disabled this way
make
sudo make install
sudo install -c -m 755 pcmanfm-opener /usr/bin
sudo update-mime-database /usr/share/mime
sudo update-desktop-database

# Stop PC speaker beeping
nano /etc/inputrc  # edit:
    set bell-style none
nano /etc/modprobe.d/blacklist  # add:
    blacklist pcspkr

# Repair windows key - by default it was mapped to another key which caused
# my openbox keyboard shortcuts to not work:
# Info: http://bda.ath.cx/blog/2010/11/14/windows-key-in-aptosidsiduxdebian/
nano /etc/default/keyboard  # change:
    XKBOPTIONS="lv3:ralt_switch,compose:lwin,grp:alt_shift_toggle"
# to:
    XKBOPTIONS="lv3:ralt_switch,grp:alt_shift_toggle"

# FULL UPDATE
apt-get update
apt-get dist-upgrade -d  # downloads but does not install
# IMPORTANT: exit X, login to tty
init 3
apt-get dist-upgrade
apt-get clean

# edit /etc/sudoers with desired defaults

# Set static IP:
nano /etc/network/interfaces  # disable dhcp line and add:
    # Static
    iface eth0 inet static
    address 192.168.1.100
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1

# Note: the default init script for pdnsd didn't work for me because it seemed
# to have an error in it, and it also expected the cache to be in the default
# location.  So I disabled that script and installed a modified one.

# Add more loop devices 1 thru 7
nano /etc/modules   # add:
    loop max_loop=8

# Add libdvdcss2 for DVDs:
gpg --recv-keys 07DC563D1F41B907 && gpg -a --export 07DC563D1F41B907 | sudo apt-key add -
# edit /etc/apt/sources.list.d/debian.list to include:
    deb http://www.debian-multimedia.org sid main
apt-get update
apt-get install libdvdcss2

# Fix crystal cursor missing drag-n-drop cursors
cd /usr/share/icons/crystalgreen/cursors
ln -s question_arrow dnd-ask
ln -s link dnd-link
ln -s left_ptr dnd-move
ln -s left_ptr dnd-none

# Install Google Earth 6
    # NOTE: To prevent exim4 MTA being installed as a dependency for lsb-core
    # I created a dummy package (exim4 is not really needed):
	apt-get install equivs
	nano exim4.ctl  # create, add contents:
		Section: web
		Package: exim4-dummy
		Provides: exim4, exim4-base, exim4-config, exim4-daemon-light, mailutils
		Description: EXIM4 dummy package
		 This package provides dpkg with the information that
		 there is a local mail server installed.
	equivs-build exim4.ctl
	dpkg -i exim4-dummy_1.0_all.deb

    # NOTE: To prevent at being installed as a dependency for lsb-core
    # I created a dummy package:
	apt-get install equivs
	nano at.ctl  # create, add contents:
		Section: web
		Package: at-dummy
		Provides: at
		Description: at dummy package
		 This package provides dpkg with the information that
		 this package is installed.
	equivs-build at.ctl
	dpkg -i at-dummy_1.0_all.deb

    # Download google-earth-stable_current_amd64.deb (from earth.google.com)
    dpkg -i google-earth-stable_current_amd64.deb
    apt-get install ia32-libs ia32-libs-gtk lsb-core
    # someone said lib32nss-mdns was needed but it doesn't appear to be
    # with above, works but no image - add nvidia 32bit libs (thanks dibl)
    apt-get install nvidia-glx-ia32

    # IMPORTANT: google deb also installs:
        /etc/cron.daily/google-earth
        /etc/apt/sources.list.d/google-earth.list
        plus some mime stuff in /usr/share/applications
    # so I remove it:
    rm /etc/cron.daily/google-earth
    rm /etc/apt/sources.list.d/google-earth.list
    nano /usr/share/applications/mimeinfo.cache   # remove google entries
    nano /usr/share/applications/defaults.list   # remove google entries
        application/keyhole=google-earth.desktop
        application/vnd.google-earth.kml+xml=google-earth.desktop
        application/vnd.google-earth.kmz=google-earth.desktop
        application/earthviewer=google-earth.desktop
    # NOTE: Since it's closed-source, consider running google-earth in a sandbox
    #       such as sandfox.

# Uninstall some unneeded (by me) and unwanted things:  (frees 146MB)  (I checked
# these carefully for dependencies, otherwise apt-get can take out half your system -
# use "apt-get -s remove PKGNAME" to simulate and see what it will do, or check using
# Synaptic, but always use apt-get directly to do the actual removal)
apt-get purge abiword aptosid-manual-de bluetooth bluez br2684ctl busybox ceni \
cifs-utils fluxbox foo2zjs gcalctool gnumeric gpicview gxine gxineplugin hpijs \
hpijs-ppds hplip hplip-cups hplip-data iceweasel-l10n-de lvm2 mc mlocate \
myspell-de-de nmap openssh-server orage pcmciautils ristretto samba-common splix \
squeeze thunar-volman transmission vpnc xarchiver xfburn

# Remove unneeded locales (languages) to free 300MB:
apt-get install localepurge  # unselect all but selected ones in your language!
localepurge

# Fix clock keeps changing on every boot
nano /etc/default/rcS  # change:
    UTC=no

# disable daemons I don't want (many of these don't actually start and some aren't
# even installed anymore, but I trim them anyway).  I use a script for this:
update-rc.d acpid disable
update-rc.d atd disable
update-rc.d bluetooth disable
update-rc.d clamav-freshclam disable
update-rc.d cpufrequtils disable
update-rc.d cryptdisks disable
update-rc.d cryptdisks-early disable
update-rc.d dns-clean disable
update-rc.d exim4 disable
update-rc.d fuse disable
update-rc.d lvm2 disable
update-rc.d pcmciautils disable
update-rc.d pppd-dns disable
update-rc.d resolvconf disable
update-rc.d saned disable
update-rc.d ssh disable
update-rc.d stunnel4 disable
update-rc.d virtualbox-ose-guest-utils disable

# Yet to do:
# install the genuine cdrtools instead of wodim
# disable ipv6 for speed?
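
The Google Earth step in the notes above found, after the fact, that the vendor .deb had added a daily cron job and an extra apt source. The script below is an added example, not part of the original notes: it flags that kind of file before installation by reading "dpkg-deb -c" output and the maintainer scripts extracted with "dpkg-deb -e", and it goes a little further than the post by also flagging apt keys, init scripts and setuid files. The package name example-viewer, its paths and the sample postinst are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): review a .deb before "dpkg -i".

# Read "dpkg-deb -c" output on stdin and print "reason<TAB>path" for every
# shipped file that changes system behaviour beyond the application itself.
flag_deb_paths() {
    awk '
    {
        mode = $1
        path = $0
        sub(/^ +/, "", path)
        # Drop the five leading columns: mode, owner/group, size, date, time.
        for (i = 1; i <= 5; i++) sub(/^[^ ]+ +/, "", path)
        sub(/ -> .*$/, "", path)      # symlink target is not part of the path
        sub(/^\.\//, "/", path)       # "./etc/x" becomes "/etc/x"
        reason = ""
        if (path ~ /^\/etc\/cron\.(d|daily|hourly|weekly|monthly)\/./) reason = "cron-job"
        else if (path ~ /^\/etc\/apt\/sources\.list(\.d\/.|$)/) reason = "apt-source"
        else if (path ~ /^\/etc\/apt\/trusted\.gpg(\.d\/.|$)/) reason = "apt-key"
        else if (path ~ /^\/etc\/init\.d\/./) reason = "init-script"
        else if (mode ~ /^-..[sS]/ || mode ~ /^-.....[sS]/) reason = "setuid-or-setgid"
        if (reason != "") print reason "\t" path
    }'
}

# Read a maintainer script (preinst, postinst, ...) on stdin and print
# "lineno:text" for lines that touch apt sources, apt keys, cron or runlevel
# links. A package can create such files at install time without shipping them.
flag_script_lines() {
    grep -nE 'apt-key|sources\.list|/etc/cron|update-rc\.d' || true
}

# Run both checks on a real package file (needs dpkg-deb; nothing is installed).
audit_deb() {
    deb=$1
    tmp=$(mktemp -d) || return 1
    echo "== shipped files =="
    dpkg-deb -c "$deb" | flag_deb_paths
    dpkg-deb -e "$deb" "$tmp"
    for s in preinst postinst prerm postrm; do
        [ -f "$tmp/$s" ] || continue
        echo "== $s =="
        flag_script_lines < "$tmp/$s"
    done
    rm -rf "$tmp"
}

# Constructed sample shaped like "dpkg-deb -c" output (hypothetical package).
sample_listing() {
    cat <<'EOF'
drwxr-xr-x root/root         0 2011-03-30 10:00 ./
drwxr-xr-x root/root         0 2011-03-30 10:00 ./etc/
drwxr-xr-x root/root         0 2011-03-30 10:00 ./etc/cron.daily/
-rwxr-xr-x root/root      2048 2011-03-30 10:00 ./etc/cron.daily/example-viewer
-rw-r--r-- root/root        96 2011-03-30 10:00 ./etc/apt/sources.list.d/example-viewer.list
-rwxr-xr-x root/root    524288 2011-03-30 10:00 ./opt/example/bin/viewer
-rwsr-xr-x root/root      8192 2011-03-30 10:00 ./opt/example/bin/helper
lrwxrwxrwx root/root         0 2011-03-30 10:00 ./usr/bin/viewer -> /opt/example/bin/viewer
EOF
}

# Constructed sample postinst (hypothetical package and repository).
sample_postinst() {
    cat <<'EOF'
#!/bin/sh
set -e
update-mime-database /usr/share/mime
echo "deb http://repo.example.invalid/ stable main" > /etc/apt/sources.list.d/example-viewer.list
apt-key add /opt/example/vendor-key.asc
EOF
}

# Demonstration on the constructed samples; for a real file: audit_deb PACKAGE.deb
sample_listing | flag_deb_paths
sample_postinst | flag_script_lines
```
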

March 31, 2011 - Posted by | Tips

67 Comments

  1. I’ve been increasingly fed up with Arch for a long time, but haven’t tried anything better so far. When my new laptop arrives, I’ll certainly give this a go, but I’m not a fan of xfce myself.

    Comment by betamax | March 31, 2011

    • This thread is an interesting read. Even though the devs there say there are no plans for a cli-only installer, I could see it happening at some point – it lends itself to it.

      But the xfce stuff didn’t get in my way – it was actually handy to have it there while I was getting openbox set up. And actually they did a nice job – I never cared much for the look of xfce but I’ve never seen it like this – pretty sharp. I should also mention that fluxbox was also included as a session option.

      Comment by igurublog | March 31, 2011

  2. Glad you like Aptosid. I’ve posted a link to this article in our Community Forums. Enjoy.

    Comment by detaos | March 31, 2011

  3. add the frickelplatz source in /etc/apt/sources.list.d/

    deb http://frickelplatz.de/debian/ sid main contrib non-free

    That will take care of the nvidia issue, plus 64-bit chromium-browser (if you need it).

    Comment by dibl | March 31, 2011

  4. After dibl’s recommendation a few weeks ago on the Kubuntu forum I installed the KDE4 version of aptosid. (I’m a KDE fan!) The partition setup is somewhat non-intuitive but experienced users will have no problems. Other than that the install was easy. The KDE4 version is classic, although not 4.6, but the themes are beautiful. I like leading edge KDE distros and if Kubuntu ever falters I know where my goto distro is.

    Comment by GreyGeek | March 31, 2011

  5. Hi.
    Currently an Arch user, but I’d like to know how Aptosid compares with regards to overall responsiveness and boot times?

    Also, what kernel do they currently use? Is it the vanilla Sid 2.6.37/38 or a custom compiled one?

    Thanks.

    Comment by Nimphtus | April 1, 2011

    • Current kernel is vmlinuz-2.6.38-2.slh.2-aptosid-amd64. Aptosid does compile their own cutting edge kernel (based on what I read in the nvidia thread).

      I didn’t measure the boot time because it was simply FAST. I would say close to Arch – possibly a bit faster or slower, but not much difference.

      Responsiveness is great in general. I think some of the priorities are different, but these can be adjusted. I have noticed little differences in the paint times on some apps like Geany and Firefox – just a hair slower (a few milliseconds, but within my visual range to detect). But other things seem quicker. Nor have I optimized things yet – still getting to know the system.

      Playing video, for example, it’s completely smooth. I definitely haven’t encountered any video, audio, mouse or keyboard pauses, etc., which would drive me crazy.

      Comment by IgnorantGuru | April 1, 2011

      • Thanks for the reply, Guru :)

        I hope you keep us updated on any future optimizations you make to your aptosid system.

        Goes without saying that I’m extremely interested, and might take the plunge when I find some time later.

        Best Regards.

        Comment by Nimphtus | April 1, 2011

        • Will do. I think the live CD will give you a decent idea. The xfce one booted very fast – can’t speak for KDE.

          Today I figured out how to remove exim4 (MTA) even though it’s a dependency of lsb-core (required by the google-earth 6 monster). I updated the Nitty Gritty details section above with that info.

          And I figured out how to make my own script the system’s MTA – silly to run a full MTA just to catch root’s mail. (No MTA was installed by default.) I might make a howto on this when I get a chance. Pretty easy.

          Comment by IgnorantGuru | April 1, 2011

  6. the static ip can also be done with ceni, aptosid’s network tool.

    Comment by se7en | April 1, 2011

  7. IG,

    You might want to give GRML a go one of these days. I’ve heard great things about it from many ‘serious’ *nixers.

    It’s touted as a ‘Live’ system, but most install it to their internal drive (via grml2hd, if I remembered right) and find that it’s possibly the snappiest Debian based distro out there. It’s said that GRML’s small iso (sid derived) installs less than Debian’s own net.iso base.

    Another benefit is that it comes with zsh set as default shell, and a pretty good .zshrc to boot (my Arch setup uses a GRML derived zshrc that someone ported to AUR)

    Main page – http://grml.org/
    Daily snapshots – http://daily.grml.org/
    GRML zshrc – http://grml.org/zsh/

    Comment by Nimphtus | April 2, 2011

  8. If aptosid meets your needs, great. I was wondering if you considered Sabayon at all. I don’t use it, but it is a rolling release distro that is Gentoo-based, and features Entropy package manager (so you wouldn’t be reliant on Portage). It has both a CoreCDX (Fluxbox) edition as well as a SpinBase (no GUI) edition (in addition to offering KDE, GNOME, Xfce, LXDE, & Enlightenment editions).

    http://forum.sabayon.org/viewtopic.php?f=60&t=22982

    Comment by Anonymous | April 3, 2011

    • So far so good with aptosid – nice system. Sabayon has some promising aspects – I did come across it at one point in my shopping. At this point I’m a little concerned with Gentoo as apparently it suffers some unsigned package issues, as came up in the comments to the LWN article on Arch:

      > Unless I’m out of date I believe Gentoo has also always suffered this, and continues to do so.

      You are many years out of date :) Gentoo’s portage has had the ability to use GPG to sign and verify package manifests since 2004: http://www.gentoo.org/news/20041021-portage51.xml

      What is true is that there seems to be no policy requiring Gentoo developers to sign manifests, and as a result, many developers never bother to do so and thousands of packages remain unsigned.

      Sounds like Sabayon would inherit these as it uses Gentoo unstable repos. I haven’t looked into the details on this, but I think anyone considering Gentoo or derivatives should review the issues.

      Comment by IgnorantGuru | April 3, 2011

  9. Especially like the install notes and the fact that you keep openbox.
    Gonna try Aptosid too soon.
    Would be nice to hear what you do miss leaving Arch. For instance the rc.conf file, easy daemon setup. And don’t you miss the easy compiling with packer or what you used before for Aur?

    Comment by Pablo | April 3, 2011

    • I do like Arch’s simpler init system, but once you get to know update-rc.d it’s good enough. Just a matter of translation.

      I think the AUR is a great idea that would benefit any distro. I haven’t actually missed it yet because all the software I wanted was already available, except for pcmanfm-mod which compiled fine. The debian repos are hard to beat – something I missed while using Arch, but the AUR made up for it.

      Working on aptosid with an Arch background is actually pretty fun. Like having a well made system to explore, while also knowing how to adjust it and make it do what you want. I’ve learned a lot already, and most of it is pretty cool.

      Also, I haven’t used any GUI configuration apps – not a one. By choice – I know they have some in there. Only GUI system tool I’ve used is Synaptic, which I just like for exploring the installed package database, dependencies, etc. But even there I mostly use apt-get, apt-cache, and dpkg aliases. It’s a great CLI system.

      Comment by IgnorantGuru | April 3, 2011

  10. My trek forth and back trying distro after distro – I started with Kubuntu for a year or so then migrated to Sidux for a good year and then, only after the LOAD_CYCLE_COUNT issue fried my laptop’s HDD, I tried Arch and now I think I just stayed with Arch because the documentation/wikis were so much better and the packages were a bit newer.

    Now with the package signing and overall security concerns, I’m thinking about going back to Sidux, aka Aptosid. The question I haven’t answered for myself is why go to Aptosid instead of just Debian Sid? I just checked and the packages that I use on a regular basis are very up-to-date and it’s obviously one less layer removed from stock Debian, less customization to have to worry about in terms of security, e.g. how Aptosid compiles its own custom kernel.

    What’s kept you or anyone that’s in the same boat from just sticking with Debian Sid?

    Comment by LoyalArchUser | April 5, 2011

    • Good questions. Personally, I figured Aptosid would be a bit more stable & refined than plain sid – at least that’s what they claim is their purpose, and a number of people suggested aptosid to me specifically. But I can’t say I know the differences well. There is some info on the Quick Start page:

      The kernel is aptosid optimised to help offset issues, add new functionality, or configured for faster performance and better stability and tweaked from latest kernel from http://www.kernel.org/

      aptosid run levels are different to debian see: aptosid runlevels – init

      You might inquire on their forum what the specific differences are – the devs seem to participate there. I would be interested too.

      I haven’t done many upgrades yet, but thus far my system is running very well. Having the system and packages pre-configured is a little different. But I’m seeing a benefit – it looks like more effort goes into security settings. With Arch, I think people tend to install a package and use it with minimal configuration. The problem with this, which I’m now realizing better, is that most Arch packages are not really setup for good security or integrated with other components – this is considered the user’s responsibility (but how many users take the time to address these refinements?) I’ve picked up some good ideas from how the packages come configured on Aptosid. And it’s definitely far less busy than Ubuntu (my only other Debian derivative) – pretty sane defaults. For example, sound has worked without my doing anything, and it’s using my preferred server by default – alsa. There seems to be a decent respect for simplicity.

      Comment by IgnorantGuru | April 6, 2011

  11. Interestingly enough also Linux Mint XFCE is switching to Debian and a rolling release model: http://blog.linuxmint.com/?p=1725
    “Rolling editions do not carry version numbers. They follow the Debian Testing branch. Because of their rolling nature, they’re receiving continuous updates and their version number never changes (technically it’s always “1” though we do not mention it since it’s not relevant). Note the absence of version number in “Linux Mint Xfce” for instance, indicating its rolling nature.

    An important thing to notice is the fact that rolling editions are in constant evolution but that a particular ISO image is a snapshot of this edition at a particular time. So, though rolling editions do not get outdated, ISO images do. For this reason we use a timestamp for our ISO images, such as “Linux Mint Xfce (201104)”.

    Would be interesting to compare in configuration, stability and snappiness.

    Comment by Pablo | April 7, 2011

  12. I am a Linuxer who uses Debian testing, installed from the netinstall cd, with standard and notebook and every other option unchecked, which gives me a core Debian system, which I then proceed to build to my liking. Despite the teenage hubris of Arch users, I believe I have a system as customizable and up to date (currently running .38-2 kernel for example) as Arch, with better program selection and high grade security. Debian is simply what Linux is meant to be, technically and politically.

    Now, reading your blog, I am under the impression that you know your way around computing (certainly much more than me, I’m a journalist by trade), so I am puzzled by two things. One, why did you use Arch for a full year, knowing full well its unacceptable shortcomings? And two, what’s the advantage of Aptosid over running Debian sid, and why sid, and not testing, if stability is an issue? Especially if you don’t shy away from building your own system to your liking (as using Arch in the first place seems to suggest – I guess nobody goes for that distro so they could have no security, there’s other motivation…)

    Comment by istok | April 7, 2011

    • > One, why did you use Arch for a full year, knowing full well its unacceptable shortcomings?

      I did not know “full well” for a year – I discovered the extent of the security problems when I looked into it in detail some weeks ago. My lack of awareness was due to bad assumptions on my part (I thought any major distribution would have the sense to secure mirrors, especially with the tools available for decades), and also due to the policy on the forums of removing info embarrassing to the devs. When I did look into it, the poor attitudes of the primary devs is what drove me away from Arch more than any one security problem – I realized they simply don’t care about their users (security or anything else), to put it mildly.

      > And two, what’s the advantage of Aptosid over running Debian sid, and why sid, and not testing, if stability is an issue?

      You tell me – you’re the experienced Debian user. How about providing a summary of the benefits of these options as you see them – I’m sure others will appreciate it, as will I. As for why I tried Aptosid – it was recommended and looked capable, and I’m still using it because it’s doing the job. I doubt I’ll change right away (tired of reinstalling), but I’m always open to things done smartly, and at some point I may try other Debian variants, Slackware, SalixOS, Mint, or others that have been brought to my attention. Thanks.

      Comment by IgnorantGuru | April 7, 2011

      • I’m not going to do a Testing vs Sid comparison, as I’m sure there are others far more capable than I at explaining.

        One thing I will share;
        Some seasoned Debianites seem to prefer Sid over Testing mainly because of the rate broken packages get fixed. As you know, Testing and Sid aren’t constantly rolling like Arch or Gentoo. Both go into a “frozen” state for a few months once every 2 years or so (usually close to an official release of Stable). Yes, Testing is probably more stable than 90% of distros out there, but you still get breakage, especially just after the repos get unfrozen following an official release of Stable. In this case, fixes often make their way into the Unstable/Sid repos first (let’s forget about Experimental for now, shall we), while it might take some weeks for these fixes to make their way to Testing.

        Another reason (I’m told) is that packages in Unstable/Sid are more “vanilla” (as the package devs intended) compared to those in Testing or Stable which have been modified for better Debian integration.

        Comment by Nymphtus | April 7, 2011

        • Thanks – good to know. I’m a fan of packages that are left fairly vanilla. I found that many problems in Ubuntu were caused not by the original developers but by careless and heavy-handed modding, and then those bug reports were not addressed properly. Ubuntu is probably the extreme in this behavior.

          I actually don’t mind breakage as long as it is eventually addressed, or can be addressed by the user adjusting some config. That is part of rolling release. I always have a reasonably recent backup available, and if I don’t like an upgrade, roll it back.

          Comment by IgnorantGuru | April 8, 2011

      • When you decide to try out other Debian variants, give CrunchBang Linux a test drive; http://www.crunchbanglinux.org. You can make it a rolling release by modifying the sources list to point to Debian unstable versus stable repos. There is even a forum specifically for CrunchBang users running unstable. You will find the forums to be very friendly as well.

        Comment by Kurt | June 22, 2012

        • Tell them “KrunchTime” referred you.

          Comment by Kurt | June 22, 2012

  13. Good day.

    After having read your impressions on aptosid and coming from Ubuntu, I agree with your findings regarding the distro.

    I guess when one tries Linux they come upon either a very bare distro that can be built up to one’s liking but end up spending more time building it instead of using it, or a heavily modded distro mostly for beginners with lots of eye candies and conveniences but ends up trimming the fats from it.

    You particularly mentioned the use of fam in aptosid over gamin. I would like to ask if you ever encountered the fam daemon using up 100% of one core of your cpu. After some considerable minutes of waiting you find that the only way to stop it is to kill it. I have seen this happen a couple of times and I wonder if you might have some info regarding this unexpected behavior.

    /m

    Comment by milithruldur | April 7, 2011

    • Hi, There does seem to be a bug in fam on this. I encountered it when for some reason I had disabled the fam daemon from starting at boot, and manually started it later in the session. It kept pegging one core as you describe. I stopped and started it several times, but it kept doing this.

      However, when started at boot, I’ve yet to have it do this, so it hasn’t been a problem for me. Maybe try starting it at an earlier runlevel (it’s started in 2 thru 5 on mine). You could also see if there’s a bug report on this.

      Comment by IgnorantGuru | April 8, 2011

      • I have not yet found a recent bug report on it, although I have found that Gamin might be a better alternative to Fam:

        ‘Gamin has been designed as a drop-in replacement for FAM with security
        and maintainability in mind and can use Linux’s advanced inotify
        service when available.’

        I’m not sure why Fam would be used in aptosid instead of Gamin. As a workaround I opted to replace it with Gamin, and I have several things to say about this:

        1) If you manually remove fam and libfam0 packages then this will remove other packages as well. Simulate the removal process first to see if this is acceptable. However,

        2) If you decided to install gamin and libgamin on top of fam and libfam0, then those other packages will not be removed, save for libgnomevfs and thunar-vfs and fam. It really seems that Gamin is indeed a drop-in replacement for Fam, because removing Fam removes a couple more packages, while installing Gamin on top of Fam will remove Fam but not the others.

        /m

        Comment by milithruldur | April 8, 2011

        • I have always understood that gamin was the newer ‘version’ of fam, so I was surprised to see it in aptosid too. But it seems to work better with pcmanfm-mod than gamin did – pcmanfm-mod picks up on directory changes instantly now, whereas with gamin there was a delay. Makes it nice and snappy. But I also disabled hal support when I built pcmanfm-mod this time (so HAL is not used for mounting – I use devmon for that), so perhaps that affected something.

          I encountered the 100% cpu load once yesterday with fam when I was working on pcmanfm-mod (restarting it frequently for testing). But with regular use it hasn’t been a problem for me – I actually like fam better.

          I do see some old bug reports on this, with some possible workarounds. Doesn’t look very well supported anymore though, so gamin might be the way to go if you encounter this bug. Thanks for the tips on switching.

          Comment by IgnorantGuru | April 9, 2011

  14. I appreciate seeing this article. I had not read it but keep seeing more responses to your article about Arch Linux. I left Arch because of your article and have seen first hand how they treat the users. I was never as comfortable of using Arch as I like something set up for me. Maybe this is why I kept using KDE as they seemed to have everything set up and I had to do nothing. I at one time used Debian and kept coming back to it but finally stopped using it as I liked a more up to date system and found that some software even in testing was not that up to date. It sounds like things have changed in this regard. I have used aptosid and was not too impressed at the time but that was quite some time ago and things may have changed since then. At the moment I am testing PC-BSD 9 but might leave this and try out aptosid. I like true rolling releases so may try this out for the time being and then see where Gentoo gets on their problem and go there instead.

    Comment by John | April 12, 2011

    • As Nymphtus said and I have noted, sid does seem to be more up to date. One thing I like about Debian – this morning I received this email:

      From: Nico Golde 
      To: debian-security-announce@lists.debian.org
      Subject: [SECURITY] [DSA 2218-1] vlc security update
      Date: Tue, 12 Apr 2011 14:09:44 +0200
      
      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA1
      
      - -------------------------------------------------------------------------
      Debian Security Advisory DSA-2218-1                   security@debian.org
      http://www.debian.org/security/                                Nico Golde
      April 12, 2011                         http://www.debian.org/security/faq
      - -------------------------------------------------------------------------
      
      Package        : vlc
      Vulnerability  : heap-based buffer overflow
      Problem type   : local
      Debian-specific: no
      CVE ID         : none yet
      
      Aliz Hammond discovered that the MP4 decoder plugin of vlc, a multimedia
      player and streamer, is vulnerable to a heap-based buffer overflow.
      This has been introduced by a wrong data type being used for a size
      calculation.  An attacker could use this flaw to trick a victim into
      opening a specially crafted MP4 file and possibly execute arbitrary code
      or crash the media player.
      
      
      The oldstable distribution (lenny) is not affected by this problem.
      
      For the stable distribution (squeeze), this problem has been fixed in
      version 1.1.3-1squeeze5.
      
      For the testing distribution (wheezy), this problem will be fixed soon.
      
      For the unstable distribution (sid), this problem has been fixed in
      version 1.1.8-3.
      
      
      We recommend that you upgrade your vlc packages.
      
      Further information about Debian Security Advisories, how to apply
      these updates to your system and frequently asked questions can be
      found at: http://www.debian.org/security/
      
      Mailing list: debian-security-announce@lists.debian.org
      
      -----BEGIN PGP SIGNATURE-----
      Version: GnuPG v1.4.10 (GNU/Linux)
      
      iEYEARECAAYFAk2kQQgACgkQHYflSXNkfP9KhQCeIMouwisbaIRQji7lU1YTugpU
      j1EAn2/iB3jEH4k2ns4c0AKXZgy8IgIn
      =uVBg
      -----END PGP SIGNATURE-----

      I looked and I had vlc 1.1.8-2 installed, so I did an upgrade immediately. These security alerts are nice. I also have noted that on the handful of alerts I’ve received so far, the problems were already fixed in sid and testing said “this problem will be fixed soon”.

      Comment by IgnorantGuru | April 12, 2011

  15. I tried to install this to my main hard drive. It is funny they are using such an old installer. For me it keeps aborting after step 5 so now I have no linux installed on this machine. Not sure what the problem is as the files it tells me to check do not offer any advice as to what went wrong. I guess I might try out gentoo again or throw Fedora 15 on here again as I know that works.

    Comment by John | April 13, 2011

  16. I obtained a few years ago sidux; now on my three computers are updated Xfce aptosids – SSD Netbook Acer, MSI ATI Radeon AMD 64 laptop and AMD 64 box.

    But on AMD 64 laptop during the boot message is:

    hda_intel: azx_get_response timeout, switching to single_cmd way …

    and after 10-15 minutes the computer shuts down.

    With Parted Magic hours of hardware inspection is without errors – + 80 C, scan disk, CPU tests etc.).

    I think the error is in “geras” or Debian sid kernel with sound card, or grub2, because older apto / siduxes worked on the laptop properly.

    The lesson: no need to rush!

    I am going to downgrade my distro and await the resolution of problems.

    After 12 years of Linux, from SuSE 6.0 (1999.) to Debian, several Ubuntus, Mandrake, Gentoo, Arch, Mint, Sabayon, Fedora, Puppy and countless gigas of Debs, rpms, tgzs …: huge Gnome and ugly KDE 4.x are not installed on my computers.

    Comment by mlse | April 14, 2011

  17. To IgnorantGuru and all who miss package signing.

    I was upset when I got to know IgnorantGuru decided to move from Arch to another distro only because of lack of package signing. Arch is very good distro with a lot of advantages: simple in configuration, one config file instead of bunch scattered over the system, stable, and of course rolling-release. And I don’t think one defect in a system is enough to abandon it. Maybe someone will now say that it’s a REAL and BIG defect! But I am saying not about weight of bug, but about its quantity – it is only one! I could understand switch to another distro if there were heap of them – bug on bug driven by bug! But only one…

    So what do I suggest?

    We are living in open source world, right? So what’s the problem to make fork of any program we want, if we have the sources?!

    Decisions (in order of simplicity)

    1) *pacman’s fork*. The inconvenience is fork’s maintenance to include all the changes of original pacman

    2) instead of writing and maintaining the fork, we can use *spaceman*. Why invent something what is already done! Spaceman is package manager of Gnuffy (Arch based distro) with implemented package signing! If it is based on Arch then it should work under Arch as well. Take spaceman and change it little bit for our needs to work in Arch as native.

    3) more simple variant – *pacman’s wrapper*. Like yaourt or packer. I personally prefer more simple packer. Wrapper is not replacement of original program but its supplement. So you don’t have to care about all changes of pacman. Your program just supplement it, like packer with its ability to install from AUR. Here is the same thing – wrapper cares only about package verification, and if it is correct – pass it to pacman, the rest thing doesn’t matter.

    4) even more simple variant – combination of (2) and (3). It is *wrapper which function like spaceman*. Inventing your own code is minimal, and changes of pacman don’t bother at all.

    What next? Next is(are) mirror(s) with signed packages

    Again, decisions (in order of simplicity)

    1) Download all the packages from the mirror where packages are not faked. Sign them. Make our own mirror.

    2) Find already existing mirror with correct packages. Contact with mirror’s maintainer and arrange about creation of parallel repos with signed packages.

    I believe other mirror’s maintainers will appreciate it and will maintain repos with signed packages as well.

    Comment by BrainWorker | April 17, 2011

    • I’d go with number two, as I’ve already done that on my Arch system (which is now a Gnuffy system). I would be interested to hear what wrapper ideas you’d have for spaceman if we go with number four. (Not to mention editing spaceman’s code’s quite easy)

      Also, I think we could go with number 2 quite easily if we can contact him.

      You might want to also look at this thread, where I posted about my experiences with Gnuffy: http://bbs.archbang.org/viewtopic.php?id=519

      Comment by amethystsigilyph | April 17, 2011

    • *Durp, I meant number two for the part about the mirrors in the second ‘paragraph’ of my reply to you.

      Comment by amethystsigilyph | April 17, 2011

      • I am glad to hear that someone else is concerned about package signing, besides IG :)
        This is great! One’s as good as none, together they can move mountains! :)

        More about point 4. In point 2 I said about usage of spaceman instead of pacman as package manager under Arch (with possible modifications in order to make it run under Arch smoothly). But in point 4 I suggested easier (as I think) variant – make wrapper for pacman using spaceman features that have to do with signing.

        What do I mean? Spaceman is a stand-alone application, which can, inter alia, install, upgrade, remove packages. I suggest to port only the code concerning package signing (only that part we are interested in) and make pacman wrapper from it. That’s it. We are not really interested in new way of installing or upgrading packages, are we?!

        The second advantage of that approach is that, unfortunately, Gnuffy is abandoned project and it is not developed. The latest update of project’s wiki was one year ago, and the URL to spaceman’s packages is broken.
        So whether you like it or not, project is abandoned. For some reason it seems that nobody is interested in it. And in this case I think we have to adopt the best things that was made but now lying in the ruins. …Especially because Arch is good and well.

        Comment by BrainWorker | April 18, 2011

        • Oooh, right. What URL are you referring to that’s broken? I suppose you mean the package list, which downloads just fine onto my system and I can still upgrade just fine. There’s probably some more stuff I can fix in spaceman (most of which are minor bugs) and there is some activity, but not much due to lack of manpower. I’ll go ahead and stick with my decision so I can help them, but I digress. Onto the feedback for your solution:

          I can work on a wrapper to deal with the signing quite easily (provided I can get time back on my desktop, because one of my current classes requires me to make *.docx files with line numbering). I’ll just have to make sure the wrapper covers all possible options for pacman. A good starting point for the wrapper would probably be packer, since it by default deals with operations only it needs to deal with, letting pacman handle the rest.

          Adding the signing support to makepkg should be relatively easy itself, only requiring a few lines to be added to makepkg to sign the package.

          The code snippets that would be of most interest to you are the sign_pkg and the check_signature functions. The check_signature function may require a bit of tweaking to suit the needs of the wrapper. I’ll try to get on my desktop to see how we’ll deal with the checking (and to investigate it further to see what changes we’ll need).

          http://pastebin.com/nN0f1rrt <- At least I was able to get the appropriate functions out of spaceman for pasting convenience.

          Comment by amethystsigilyph | April 18, 2011

  18. This was a very nice read. I am in the process of making my own minimal Ubuntu install with Openbox and XFCE components as seen in Crunchbang (they have since switched to Debian Sid as well) and your article has given me new packages to have a look at.

    I tried Arch for a day in a VM but quickly got fed up with it. It’s just too much work and I am too familiar with the Debian way to switch now.

    Don’t get me wrong, I love Debian, but I love Ubuntu just a TINY bit more thanks to the PPA’s.

    Comment by snek | April 19, 2011

    • Out of the box, CrunchBang is based on Debian stable or Debian stable with backports. It is not based on Sid. However, you can base CrunchBang off of Sid by making changes to the sources file.

      Comment by Kurt | June 22, 2012

  19. Andreas, have you had enough time with Aptosid to be worth an update to this post or a new post?

    I’m currently using ArchBang, but have to agree with your two primary concerns about Arch. Nice distro, incorporating much that is nice about CrunchBang, but I really think I want to base my Linux experience off either Debian Testing or Unstable.

    I spent almost a year with #! Statler, based on Testing and it was more stable than any newly released Ubuntu. Decided to try out ArchBang on an Arch base and it is OK. Lovely docs.

    However, #! will be based on Stable and I really prefer a rolling release. I think my skills have advanced to the point where I can config and maintain my own Openbox on Debian Unstable.

    Two other advantages to Debian: availability of pre-built apps in .deb format (e.g., Chromium — Arch Extra is not current) and the opportunity to become expert in one of the two major versions of Linux — Debian.

    Debian and/or Fedora/RHEL/CentOS skills are more widely applicable professionally than Arch, Slackware, SuSe, etc.

    Comment by Doug | April 19, 2011

    • Thanks – interesting points. As far as an update on my experiences with Aptosid, not much to say (which is a good thing). I haven’t been toying with the internals too much the past few weeks, just using it and occasionally updating and adding minor software now and then. It has been running very reliably in that time, and I haven’t had any update problems. The only issue I have is still the nvidia driver issue I spoke about above. I’ve just been booting the .37 kernel for now. There were a number of options discussed for how to update the kernel and keep nvidia happy but I figured I’d wait for a bit – I have no need for the very latest kernel at the moment and had some other more pressing things to do.

      I did disable the daemons that handle cpu frequency (cpufrequtils & loadcpufreq) to see what it would do. I’m honestly not sure exactly what they do and didn’t research it, but for this desktop system I didn’t want any throttling. I think it may have given me a little boost. And the Sensor Viewer that shows temps and fan speeds still works (it came already setup so left it in there), as does the CPU load monitor in the lxpanel tray.

      Other than that not much to say – it’s working great and I like the security bulletins.

      Comment by IgnorantGuru | April 20, 2011

      • Thanks for the insights. I think aptosid with Openbox & XFCE will be my next distro.

        Mea culpa on the Arch/Chromium update issue. My mirror apparently has gone out of sync, which I didn’t suspect because the Arch Chromium package itself had been flagged as out of date. I switched mirrors and all is well, despite the package flag.

        Comment by Doug | April 20, 2011

  20. Looks like they are close to implement package signing in Arch.

    Look at the beginning of beginners’ guide https://wiki.archlinux.org/index.php/Beginners%27_Guide

    This fact makes me glad :-)

    Comment by BrainWorker | May 16, 2011

  21. Brainworker said: “Look at the beginning of beginners’ guide https://wiki.archlinux.org/index.php/Beginners%27_Guide”

    If you are referring to checking the md5sum of a downloaded iso, that is not new.
    To what are you referring?

    Comment by Pablo | May 17, 2011

    • Oops, now that warning is gone!

      On the top of beginners’ guide there was warning (written on red background): “ArchLinux currently uses unsigned packages. Security of your system depends on package mirrors you use”.

      Comment by BrainWorker | May 17, 2011

      • Brainworker, I’m not sure what your purpose is – you come across as someone who wants to convince us that Arch is fine once package signing is implemented, eg:
        “And I don’t think one defect in a system is enough to abandon it.”

        I disagree, yet this also shows that you have not absorbed the core of my complaint, where I said repeatedly that lack of package signing for a decade is just one symptom. The real issue is that the primary Arch devs are irresponsible with their users’ security, and just adding signatures to packages won’t change that reality. Using a distro where the devs don’t care about your security and treat your concerns dismissively is just as irresponsible. It’s clear you are unwilling to give up Arch – so be it. But you’re certainly not convincing me of anything but the opposite of what you’re saying.

        The edits to the wiki in the last two days to add, then tame down, and then completely remove the warning to new users is yet another example of this irresponsibility (you can see the edits in the May 16, 2011 history). Now that I’m no longer an Arch user, it’s rather humorous – they sure do respond fast to any documentation of their lapses, just not to the lapses themselves. They continue to be unwilling to inform new users of the implications of using Arch’s package system. Their pride is far more valuable to them than their integrity.

        Once they do implement package signing, there will be many who will say ‘Arch is now secure’. But that’s merely wishful thinking. I now know the attitude and practices of the devs – Arch is an irresponsible Linux distribution which IMO should be avoided on principle alone.

        Kid yourself if you like, but not me.

        Comment by IgnorantGuru | May 17, 2011

  22. FYI, in terms of Debian taking up less disk space than Arch, that’s no accident and has nothing to do with LibreOffice (most of its bulk is in its base, not its individual programs).

    The reason it takes up so much less space is that Arch installs the development headers for every single installed package, but Debian doesn’t, and instead expects you to install the corresponding -dev package for every package you want the headers for. Arch’s method is more convenient if you compile lots of programs outside the repositories (say, the AUR…), or just like to develop using lots of disparate libraries. Debian’s method is better when you want to conserve disk space, or simply don’t compile very many programs with dependencies. Both have their advantages and disadvantages.

    Comment by Stan | May 18, 2011

    • Thanks – that makes sense.

      ——–

      As an update on the original post, updates have been going very trouble-free with Aptosid, and any security problems that I receive alerts about have already been resolved by the time I update. The latest update also included new nvidia source with the latest kernel, and this corrected the nvidia problem referenced in the OP (not sure if nvidia fixed it or aptosid/debian patched it). I had merely been using a slightly older .37 kernel until the issue was resolved, although there were easy fixes advertised before this. With rolling release, I find it’s often helpful to just wait on some updates. I’ve been updating Aptosid about every two weeks with great results. Their forums have been friendly and helpful as well.

      And of course I gave myself an introduction to Debian packaging and set up my PPA without much hassle, making it all compatible with Ubuntu as well as Debian (and other Debian derivatives should work as well). (I downloaded Ubuntu’s latest liveISO to test with, and personally I definitely like Aptosid better than the direction Ubuntu has gone – the live boot time alone was remarkably different, and I had stability problems with Ubuntu live.)

      Comment by IgnorantGuru | May 20, 2011

      • Hi, Could you give some report on how you set up the PPA or any link to that effect?

        Comment by rivo | April 1, 2014

        • I use reprepro to maintain my PPA (as a local git repo). I just serve it from a ‘debian’ directory in my github homepage. You can browse the conf/distributions file for reprepro here.

          I use scripts to handle it, but to add to the ppa, I basically create the deb file ($f) (I use equivs-build plus some custom scripting to e.g. make SpaceFM’s build-from-source packages or to package scripts), cd to the local ppa dir, and run:
          reprepro -Vb . includedeb unstable "$f"

          Or to remove a package from the PPA:
          reprepro -Vb . remove unstable "$pkg"

          Then I manually sign the PPA:
          cd "$ppadir/dists/unstable/"
          gpg -u "$keyid" -o InRelease --clearsign Release
          gpg -u "$keyid" -o Release.gpg --detach-sign Release

          Once I have it done locally, I commit and push to github.

          Which is all a bit hackish but works easily and very reliably for my simple purposes.

          Comment by IgnorantGuru | April 1, 2014
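A hand-made signature only covers the Release file as it stood when gpg ran, so if the indices change afterwards and the signing step is skipped, clients get hash or signature failures. The following pre-push check is an added example, not the commenter's own script; the function names `check_index_hashes` and `prepush_check` are hypothetical, and it assumes the `dists/unstable/` layout and the `Release`, `InRelease` and `Release.gpg` files named in the comment above.

```shell
#!/bin/sh
# Added example (not the blog author's script): pre-push sanity check for a
# manually signed apt repository laid out as in the comment above.

# check_index_hashes DISTDIR FILE
# FILE is "Release" or "InRelease". Every file named in its SHA256 section
# that exists under DISTDIR must match the listed digest and size.
# Returns 0 = all match, 1 = mismatch (stale index or signature), 2 = unusable.
check_index_hashes() {
    dist=$1
    index=$1/$2
    [ -f "$index" ] || { echo "missing $index" >&2; return 2; }
    # Section lines look like " <sha256> <size> <path>"; the section ends at
    # the next line that does not start with a space.
    entries=$(awk '/^SHA256:/ {on=1; next} /^[^ ]/ {on=0}
                   on && NF == 3 {print $1, $2, $3}' "$index")
    rc=0
    seen=0
    while read -r want_sum want_size path; do
        f=$dist/$path
        # Assumption: a listed index variant that is not published is skipped.
        [ -f "$f" ] || continue
        seen=$((seen + 1))
        got_sum=$(sha256sum "$f" | cut -d' ' -f1)
        got_size=$(wc -c < "$f" | tr -d ' ')
        if [ "$got_sum" != "$want_sum" ] || [ "$got_size" != "$want_size" ]; then
            echo "$2: stale entry for $path" >&2
            rc=1
        fi
    done <<EOF
$entries
EOF
    [ "$seen" -gt 0 ] || { echo "$2: no listed file found on disk" >&2; return 2; }
    return "$rc"
}

# prepush_check DISTDIR: hashes in both signed forms, then both signatures.
# Needs the signing key's public half in the local gpg keyring.
prepush_check() {
    check_index_hashes "$1" Release &&
    check_index_hashes "$1" InRelease &&
    gpg --verify "$1/Release.gpg" "$1/Release" &&
    gpg --verify "$1/InRelease"
}
```

Run `prepush_check "$ppadir/dists/unstable"` after signing and before the commit; a non-zero status means the signed files no longer describe the indices on disk.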

  23. NICE article, I tried aptosid quickly but then I went back to the ArchWay. But aptosid is going back on my newer spare PC, as soon as I get it.

    But yes, OpenBSD / FreeBSD (is just so good, their Docs, userland bar-none is the best UNIX in the world)
    But sadly as you mentioned, the lack of good(new) Hardware device’s support (no thx to the obvious greedy-proprietary Manufacturers, and yes, I do mean ATI mostly !) is pushing me farther and farther away.
    No blame on FreeBSD’s part here, ’cause we ALL know what MacOSX really is anyway ;)

    But ya, Aptosid + Openbox looks like a winner.
    thx.

    Comment by Rick | July 28, 2011

    • Thanks for your comments. BSD did look promising. For me the main issue was definitely hardware support, particularly my Brother printer/scanner. With a lot of work on the driver I might have been able to get the printer working, but I suspect not the scanner. And that is pretty much a show stopper. You’re right about OSX! Apple is a parasite in this case – not sharing their BSD hardware progress back to the community.

      Aptosid has been working great for 4 months now, and beyond the initial problems I had (which were resolved fairly promptly), I haven’t encountered much else. I do bi-monthly updates on average, and they seem to do a good job with the stability of their rolling release, and the versions seem up-to-date. I’ve definitely had fewer hassles since the switch.

      I’m not very excited about Linux anymore though. I think the quality, stability, and security of the kernel and major components like X are being eroded and spoiled by corporate interests, developer egos, and poor development practices. But the alternatives seem unripe for casual users who don’t want to lose functionality. I look forward to a good alternative that’s cleaner and more modern in concept, but also with a bit more ‘old world’ quality in it. A lot of what’s built for Linux today is built broken – disappointing to see quality drop like that to a Microsoft level. Maybe Hurd will grow into this role. What Linux was to UNIX, we now need for Linux. Who’s the next Linus?

      Comment by IgnorantGuru | July 28, 2011

      • …it’s so age-old it isn’t even funny anymore now.
        Even a 100 years ago, if you bought a FORD you could literally drive it away.
        …and to this day, when you buy a new car you can simply drive to wherever u want.
        This is why “TCP/IP” (thanks to BSD/Unix) was Free in the 1st place.
        BIOS is not a means of travelling (PC-wise).
        I’m sorry but when ppl buy a PC/Desktop the NetOS should come with it FREELY, otherwise can anyone explain to me how you could even USE your brand new PC without an OS ?
        It’s called the Basics, a functional NetOS, and NO why should I pay for it, since obviously my PC/Desktop/Apple/Laptop/Microwave/Car/,…, is USELESS without it. Call it “firmware” if you like. but that’s not the point. If I can’t “drive” it. I don’t want it.

        We have all been so “snafu’d” for years now, that, well, … :)
        Sooo, you want “Apps”, on top of your basic ability to function ? fine, then pay for them !
        Let the “Hardware” manufactures give me a fully functioning PC/… whatever, including of course, a NetOS.
        so ya, Mr. Linus seems to have completely forgotten what the “fair”-fight was for in the 1st place. Hence, the *BSD’s, and the Linux’s,…to the rescue.
        I’m still humbled by the fact that we can download and install these wonderfully FREE NetOS’s. wow.
        Microsoft has got to leave, it’s as simple as that now.
        This will be the only way, that the Hardware Manuf’s will write “ALL” the drivers we could ever need for any UNIX/Linux’s. If they don’t, they DO NOT sell their Hardware and they go out-of-business.
        I actually like Win7-64, it’s a pheeew,! to say the least. but yes to buying MSOffice, and NO to the NetOS.-that any hardware needs to function. All these hardware manuf’s gotta get on board the train, or be left behind.
        In the future that is.

        Comment by Rick | July 29, 2011

  24. Nice article! In fact, you made me curious about aptosid and I tried it for a few days. Unfortunately, for some reason my wireless card (Intel 2200bg) keeps dropping connection and then refuses to reconnect unless I reboot. I went on to the Forum on aptosid site and was glad there was already a topic someone posted about the issue — until I started reading it: I’ve got to admit I was very discouraged with the way they treat their users who simply asked a question they didn’t like.
    http://aptosid.com/index.php?name=PNphpBB2&file=viewtopic&t=1662

    Comment by Anonymous | September 9, 2011

    • To an extent I agree – I have noted that the behavior of some of the moderators and developers on the Aptosid forum is sometimes out of line and disrespectful, sometimes engaging in the usual power trips of moderators. Like any forum there are those who use it as a place to be abusive and arrogant. There are also helpful people there. I have also noted that they tend to dismiss or explain away, rather than address, some problems and bug reports. I suspect this is because they don’t want to work on them or be responsible for them. IMO they should simply not reply if they’re not interested in addressing the problem, leaving it unanswered until someone is ready to actually address it. But at the same time I have to note that these same people do a lot of work to put Aptosid together and do address many problems, so you might call it work stress related, as unprofessional as it becomes at times.

      The example you cite isn’t the best example I’ve seen, because the original poster seemed to immediately inflame the situation rather than simply sticking to the facts and giving the facts a chance. Then, in turn, the other participants didn’t handle the attack well, and got into personalities instead of sticking to the facts. Common forum behavior, but unpleasant.

      I suggest you add a simple fact-based account of your experiences to that thread – it looks like they could use a second poster confirming the problem.

      Also, in my experience with wireless drivers and random disconnects, the problem can be in unsuspected places. For example, in one installation (I think it was on Arch), using wicd to manage the device caused repeated disconnects (although wicd had always worked well for me on other systems). Using Network Manager instead of wicd resolved the problem, though I have no idea why that was. So in my experience it is always valuable to experiment with different wireless managers and setup methods. In this case, perhaps something in Aptosid’s wireless manager setup is triggering the problem (which may be related to a bug in the firmware), and this is why other distros aren’t seeing the problem.

      Comment by IgnorantGuru | September 9, 2011

  25. Curious and looked at the thread and have a different reaction to it.
    The one who replied, slh had the wireless card himself and had it working and had no clues on which to work on (no error messages or debugging output).
    You can’t expect someone to be clairvoyant.
    I find the demanding tone of nahn also a bit provoking.
    And lacking the understanding why some problems can’t be solved.

    Slh is a bit rude by formulating there is no problem when he in fact explains to mean by saying that, that to be able to solve you have to have the exact parameters of the problem. It is a pity and a defeat when the atmosphere of support and collaboration is broken down by these kinds of confrontations.

    Everybody in a supporting role loses his patience once in a while. Let’s show some understanding for that.
    On the other hand, mods of fora should have some understanding for the feelings of frustration and the helplessness of the new user and explain how the new user can provide the necessary info.

    Comment by Pablo | September 9, 2011

  26. slh is right: “The whole essence of fixing a bug, is understanding what is broken – and the key point to understanding that is finding a lever to reproduce it (or at least to pinpoint its general location through error messages.” The necessary information to fix the problem is simply missing.

    And piper’s reaction is understandable

    Status: Offline

    nahn wrote:

    It looks like a firmware issue to me. Can anyone help? Thanks!

    If this is a firmware issue, why are you taking it out on the devs or aptosid period ?

    On the other hand, I have to agree with IgnorantGuru
    “it is disappointing to me to see moderators using language like “noobish”, “pathetic”, “troll”, and “your kind” – clearly personal attacks from moderators on a frustrated user asking a technical question.”

    slam points out the – to me childish – behaviour of the nahn:
    “He also left us developers without any of the technical information we asked for, in order to help him and help fixing possible bugs who might hit others.”

    nahn wrote:
    Haha, defensive, defensive, defensive! How pathetic! I have no time and interest for this kind of stupidity! Goodbye!

    Piper answered

    “…. Please let the door hit your Ass on the way out !”, that’s as rude as the thread-opener’s way.

    Comment by schdrag | September 28, 2011

  27. aptosid is a good distro :)
    I love kde but it’s good xfce

    Comment by killjoy | October 15, 2011

  28. Interesting, I am considering moving from Ubuntu to Arch because I have problems with DPKG packaging system. Lack of package signing is a big deal though.

    Comment by Mad Wombat | October 21, 2011

  29. Package signing has been in the [Testing] repo of Arch for a while now.

    Comment by Anonymous | November 29, 2011

  30. Package signing is no longer in testing since Jan-16, and is now out with pacman 4. This whole rant is obsolete :P.

    Comment by Robert | February 11, 2012

  31. I currently use Arch on my workstation at home. I enjoy how easy it is to get it up and running. I see you moved onto Aptosid. I love the rolling release model and can deal with regressions, but now that it’s been quite awhile, how are you finding Aptosid? I’ve been trying to move away from Arch but it’s just so simple to use, set up, and get running. I see that Aptosid has a KDE based ISO (which is the DE I use).

    Comment by Mario | March 5, 2012

    • Hi, I have replied to your comment here, as I was meaning to do an update – thanks for the reminder.

      If you find Arch easy, I’m sure you can handle Aptosid. But the methods do vary so you’ll need to get to know apt-get, etc if you don’t have debian experience. Their user’s manual describes the installation and upgrade process well.

      Comment by IgnorantGuru | March 6, 2012

  32. I’ve seen questions asked in previous posts about the difference between Debian testing and Debian unstable. Security updates is one difference: http://www.debian.org/security/faq#unstable

    Comment by Kurt | June 22, 2012

  33. I use a full Xfce Testing/Stable installation (Stable when testing is still too wild and Testing as it is getting closer to a freezing time) in my workstation and Sid in my laptop. I installed Sid from the Stable business card netinstall image (the only one that, in expert mode, provides the option of installing Sid). I installed only the base system (just the kernel and system utilities) and then added other stuff like the X server and so on. You end up with a very clean system and it is more like the Arch way of building it…

    Comment by Koroshiya Itchy | February 13, 2013

  34. thanks for this. Over the years– 93 till now; I’ve been around the distros, slack, suse, redhat etc and the past few years ubuntu and Gentoo. Totally fed up of Ubuntu these days. If I wanted Windows I’d go buy it; And Gentoo, though I like it a lot, gives me problems as I work on a ship and don’t have good internet there. Going to give aptosid a try right now!
    Pat

    Comment by pat mccormack | March 1, 2013

  35. You do know this rant is obsolete since around Nov 2011 right?

    Comment by Xatruch | June 14, 2013

