Aptosid & Siduction
Someone asked in a comment how Aptosid has been running in the long term, so I thought I would provide a quick update on my experiences, and also introduce the new Siduction distro.
Background
For those who haven’t followed the whole story… After discovering early last year that Arch Linux had no package signing, and after speaking with their lead developers and discovering they had very questionable attitudes and practices toward security in general, I moved from Arch to Aptosid as my main distro. Since then, Arch has added package signing. While I’m glad to see they’re making efforts in this area, I still view Arch with a wary eye regarding security, mainly because of the attitudes I encountered. Good overall distro security (not just package signing) is hard work, and if they don’t take it seriously, it won’t be done well. But I have not followed Arch’s more recent work or discussions, so I can’t comment on the current state of affairs there. I find it hard to believe they’ve corrected all the issues in their development process, but I’m glad they’re taking security more seriously. In many ways Arch is a great distro, so I hope they continue to improve in this area.
Aptosid
I’ve been using Aptosid for about one year. Aptosid is a rolling release distro – basically Debian sid with optimizations, fixes and support. As with Arch, one can update the system several times a day to get the very latest upstream versions of software, sometimes including breakage.
Before I comment on the results, it’s important to know what I use in general, since this can impact performance. I like a lightweight, very responsive system, so I run plain Openbox as my WM, with mostly independent GTK apps. I tend to avoid apps which are tied to particular DEs, such as Gnome VFS dependent apps. Some of my favorite apps include Geany (text editor/IDE), Claws-Mail, Firefox, LibReOffice, gFTP, Deluge, Mplayer, VLC, Asunder, Brasero, Geeqie (image viewer), Gimp, Evince (PDF viewer), Roxterm, LXPanel, and of course SpaceFM (file manager). I highly recommend these apps – most are ‘old school’ Linux with good attention to quality and rare breakage.
Unfortunately, on one system I require NVidia’s proprietary driver as my video card features are not fully supported by nouveau. And I have a Brother laser printer that requires Brother’s binary blob. I also run the non-free Flash plugin so I can view the entire web. I boost security a bit by running Firefox/Flash in a Sandfox sandbox.
Results
For the most part, Aptosid has been running great, which says a lot for their development process. You don’t get this kind of reliability in a rolling release by accident. It’s also a pleasure to use because I have access to the Debian unstable repos, which contain just about everything I use. Part of my success with Aptosid is due to the apps I’ve chosen – they are well-developed and maintained. So even using their latest releases there is rarely breakage. In fact I can’t remember ANY.
Where I did run into trouble was with Aptosid’s NVidia support. The Aptosid devs don’t like non-free components, and I wonder if their support in this area is somewhat below par. But it could also be that NVidia decided to start breaking just when I moved to Aptosid, as the bugs involved were their fault as far as I could tell, and Xorg was going through some growing pains at the time. I don’t expect Aptosid to fix NVidia’s bugs, but they could do a better job advising users how to deal with the breakage, and being less hostile toward the use of non-free components. As a result of my NVidia issues, I occassionally couldn’t do a full update for several months at a time. I instead updated a few apps and components. Eventually the problems were resolved upstream, or in one case I needed to update my Xorg config to work around a change.
Despite the fact that I run a rolling release, I do not usually need the latest and greatest, so this wasn’t too inconvenient. By comparison, I had more routine breakage running Arch, but it wasn’t as long-term. And I had FAR more issues back when I used Ubuntu supposedly-stable (but with KDE involved).
I have also installed Aptosid on a number of laptops, such as the Asus A53E-XN1. In general I’ve had very good experiences with Aptosid in this area.
I have not had to reinstall Aptosid at all, though by comparing it with newer installations, I’m not convinced they’re the same. The packages are updated, but some of the system’s configuration may grow out of date. I haven’t had any problems with this, but after a year I’m wondering if a fresh installation would prove valuable.
Method
My method toward rolling releases makes a difference too. Before every update (which in Aptosid is an apt-get dist-upgrade), I make a backup of the entire system partition (using Partimage or FSArchiver, as detailed here, and also automated in SpaceFM’s Device Manager). If any serious breakage occurs, I roll the entire partition back to its pre-update state. I then wait for a fix or sometimes participate on the forum. This makes updating about a 20 minute process and requires a reboot, but it is well worth the time. As a result, I don’t update all that frequently – usually every few weeks – but given the apps I use this isn’t a problem. (Aptosid recommends updating more frequently, and at least every 2-3 months, but I and others have gone longer without problems.)
So rolling release doesn’t have to be an unstable experience, and my system runs great. In some tests Aptosid has been clocked slightly faster than Arch, or vice versa, but they are very close in performance. I find Aptosid’s/Debian’s packages are more carefully put together, especially where security is concerned, but overall system maintainance is comparable in terms of time required fussing with it (minimal), if different in terms of the methods used. I think I slightly prefer Arch’s maintenance methods, but I prefer the work that goes into Aptosid’s (Debian’s) packages and their comprehensive approach to security.
Siduction
In late 2011, some of the current and former developers of Aptosid broke away and started a fork called ‘Siduction’. Their reasons include creating a more user-friendly experience, and better support of non-free components. As user Kelmo describes:
The technical differences between the two are to the best of my knowledge untold so far – mostly conceptual/behavioural differences separate them at this time. The people behind “siduction” have a strong difference of opinion about the way the people behind “aptosid” conduct themselves in developing and supporting a FOSS distribution, so they decided to copy everything to somewhere else and started moving on with whatever it is that they want to change. link
It’s worth noting that the conduct on Aptosid’s forums leaves a bit to be desired. It is not the friendliest of forums, in part because of the developers and admins. I don’t think they mean to be as rude as they are, but their impatience and attitudes do offend some users. I think they’re working on it – I’ve seen some improvement lately. But I think Siduction is in part a response to this problem. On the positive side, Aptosid’s devs do participate on the forum, so often there is expert advice there.
Siduction is a creation of developer ‘fickleplatz’ and others who were major contributors to Aptosid. Some of Siduction’s web pages are in German, which makes it a bit difficult. Hopefully this fork will grow into another solid choice.
9 Comments
Sorry, the comment form is closed at this time.
IgnorantGuru's Blog 
Thanks very much for this timely post – I’ve been following your blog for a couple of months, and I was recently thinking of asking you about your current thinking on aptosid vs Arch etc. (I also like some of the simpler system maintenance of Arch compared to Debian (e.g. one single pacman vs the maze of dpkg/apt-get/aptitude/etc) but feel also uneasy about some other Arch stuff you mentioned. One thing’s for sure, they have much better online documentation than other distros I’ve explored, which is also important.)
Also: why are you using aptosid instead of just Debian sid directly? Have you used Debian sid directly in the past, and if so, why do you prefer aptosid now? I guess that means: Concretely what “optimizations, fixes and support” does aptosid give that sid doesn’t?
PS: Are your computers all running 64-bit or all 32-bit, or some of each? Have you had any 64-bit-specific problems?
> e.g. one single pacman vs the maze of dpkg/apt-get/aptitude/etc
That’s a good point. And you could add apt-cache. :) I do use apt-get, apt-cache, and dpkg for assorted things, such as examining package contents and dependencies. The package system on debian does work well though, and is simple enough once you get to know it. I more miss Arch’s rc.conf as opposed to debian’s init.d stuff. But again, it’s mostly a matter of adjusting. Once it becomes routine I don’t find much difference in my ability to do what I want. I agree about the Arch Wiki, which I still use, and which has become a source of general documentation useful to many distro users.
However, using Aptosid and the Debian packages, I came to realize that many of Arch’s packages are under-configured, and do not setup security-related options and files well. Arch dismisses this as the user’s responsibility, but I don’t think many users take the time to do these things themselves. Many Arch users will install and use packages without realizing this is the case, especially if they’re coming from other distros. Arch is more like a toy for developers in some ways, and this is definitely the attitude of the Arch devs. They don’t take it very seriously. That’s fine IF you know what you’re getting into. So Arch seems easy to use in some ways, but that ease comes at a price. One example which struck me was the way Arch setup X11 compared to Debian – I found Debian’s approach much more thorough and integrated with other components. (That was some time ago, so I can’t comment on their current doings.)
Arch does have more experienced users though, so that helps improve security somewhat – more eyes are keeping watch on the inner workings.
The other issue which concerns me is the way they hid and censored relevant security information from users – something I and others experienced in addressing the package signing issues. I think combined with the ‘configuration is the user’s responsibility’ approach, this can be problematic. By contrast, in Debian I receive the security alert emails. Arch has no such security team (or at least didn’t last I checked).
> Also: why are you using aptosid instead of just Debian sid directly?
When I was considering debian, a number of people recommended Aptosid as a good way to use sid, and it has proven to be that. I never tried sid directly. I don’t think the difference is huge, but the slh kernel used in Aptosid is well done and well optimized from my results, and they do seem to help keep things glued together. I realize that’s not concrete but it’s the general impression I’ve gotten while using it and using the forums. Aptosid puts sid together as a distro (xfce and kde variants), so they consider how the components interoperate. And for support, the forum is quite useful at times. How much better this is than using plain sid I can’t say. One of my strategies is to keep things simple, so I avoid a lot of the problems that would give me better data on this. :)
Mostly I use 64 bit, although I have installed 32 bit on a few older laptops with comparable results. I think most distros handle 64 bit much better these days, and I haven’t had any architecture-specific problems on Aptosid. You might get a more well-rounded feel for this by browsing their forums.
I also see that Siduction has come quite a ways since I last checked it out about a month ago, including more english docs. I’m seriously thinking of giving it a try.
Thanks for your comments.
Thanks for posting your experiences with aptosid ! I used aptosid quite a while ago when it was still called Sidux. Sometimes the “tone” in the community is a bit harsh but in general you get good help.
In general I found Sidux aka aptosid very stable and during the half year I used it I had no issues.
The devs do not like propritary software / drivers because the follow the Debian “Code of Conduct” :)
To my limited knowledge this translates to “Everything in non-free is not good and not supported” but after all they a more relaxed than the guys over at Trisquel (which is also based on Debian somewhat since they use Ubuntu as base distribution). I run several boxes with NVidia cards as well and would be happy to switch away to Noveau but in the current state even the bleeding edge version has unstable 3D and no solid CPU-based H264 decoding.
For me personally “freedom” of software ends where I am unable to use my available hardware. Example:
The NIC on my AMD/ATI based motherboard relies on a firmware file, which is of course not included with the standard aptosid installation CD. So far, so good….
Now for installation for aptosid I would require either to use a different NIC (e.g. my cheap USB NIC which works without firmware) or grabbing the firmware tar from the Debian page matching my aptosid kernel with another running live distribution which supports my NIC. That is somewhat pointless. Removing as much propritary stuff as possible is great because you will often experience bad issues (e.g. fglrx taking up 100% with XOrg on an AMD E350 mainboard without doing anything) but removal without working alternative is pointless (NVidia propritary vs. Noveau).
I think what makes Aptosid a better option about using sid natively are stability and security. While the Debian team will most likely assure to provide security fixes to sid as fast as for the stable Debian branch, you still might see security patches for Debian stable in a more timely manor.
A rolling-release distro which I also like is Sabayon (Gentoo-based). I am currently using it on my HTPC and it works great. They have greatly working out-off-the-box support for 3D acceleration (both ATI and NVidia) with the propritary drivers. Compared to aptosid they provide much slicker looking artwork and design IMO. The also support a variety of DEs / WMs with installation CDs although I am aware that switching away from XFCE/KDE in aptosid is not too hard to do.
> The devs do not like propritary software / drivers because the follow the Debian “Code of Conduct” :)
Actually, I pointed out to the Aptosid devs that the Debian Social Contract, which Aptosid expressly uses, states:
> For me personally “freedom” of software ends where I am unable to use my available hardware.
Exactly! It’s hard enough getting manufacturers to support Linux without creating taboos as well. No one I know likes using non-free components – it’s a matter of adapting to the current environment. It is getting easier to shop for hardware supported by free drivers, but am I to replace ALL my hardware now just for this?
But I don’t mean to exaggerate the problem – there are Aptosid devs that use NVidia drivers, and they do help keep them running. Some of the devs had an attitude about it, but obviously not all the devs agreed, because they forked to Siduction.
Thanks for the Sabayon tip – I’ve been hearing more about it (they have SpaceFM in their repos already). One of my issues with Gentoo was getting the video working, so that sounds inviting. I wonder does it still use Gentoo’s portage, etc? At any rate, that’s another one for the list. Choices, choices (what makes Linux good)…
Sabayon uses its own package management system called entropy:
https://wiki.sabayon.org/index.php?title=Entropy
Works pretty nice !
I would say that Aptosid and Sabayon are “brothers in mind”. Both are based on the testing version of the base distribution with a lot of good work put into them.
I am surprised that Sabayon is so less known out there.
As for Ubuntu things seem getting worse from release to release :-(
This hurts me since I have been a long time Ubuntu user and still use Xubuntu 11.10 as main OS but I guess that my next OS will rather be aptosid or Sabayon.
It has all been a story of forks. From Kanotix to Sidux to Aptosid to Siduction.
It was all to be expected, because the original people who forked Kanotix were rude and arrogant.
After they forked Kanotix I didn’t really follow them any more, also because I never believed that using Debian Sid was a good idea. I use Testing, which is marginally less bleeding edge but much better tested.
By activating one siduction repo you can follow Towos more nvidia-proprietay friendly kernel. Because of problems with the bleeding edge linux-3.4.0 there is also an older linux-3.3.7 from Towo at siduction. You can even get support from him at aptosids forum.
The more genuine and special siduction release might become the razorqt release in some weeks.
Your software selection is very close to mine with some small exceptions (Xfce4, Opera and Transmission). I am leaving this comment because I think you should try the new Qpdfview, which is smaller and has less dependencies than Evince, and gives the user a lot more flexibility, tabs support… (I’m not tied to the project by any means)!
# apt-get install qpdfview
Does siduction or Aptosid have newer packages compared to Arch? Do you have any idea. Currently I am using Gentoo and couldn’t be more happier becoz of all the distros I have used, Gentoo is one distro I didn’t have to hunt for different repos for the software I use.