Cool. I'm pretty excited for the new login manager. Maybe now KDE will be able to fit all customization options (wallpaper, lockscreen, login screen) on a single Settings page.
The beta installer was completely unsuccessful in setting the TPM-backed disk encryption on both a ThinkPad X1 Carbon (Intel 258V) and a ThinkPad P14s (AMD 300-something). Hopefully they ironed that part out in the release, but it seems still early for this feature (at least for my comfort level).
The constructed policy is quite strict and expects certain UEFI things to be set up correctly. For example both this https://github.com/canonical/secboot/blob/7434bac27844362ff8... and https://github.com/canonical/secboot/blob/7434bac27844362ff8... are enabled in the policy. The policy choices and various early checks, even as trivial as confirming that the TCG log content is correct after booting into installation system, are enough to rule out a lot of potentially problematic EFI deployments. Effectively making it more strict helps avoid a lot of funny issues where the firmware is clearly buggy and things would fall apart sooner or later.
Strict is probably good. My company started to enable bitlocker this year on win11, and a non trivial amount of initial encryptions seem to be failing, destroying the user data and requiring a full reformat.
Keeping the key in the same room as the padlock only protects against casual drive theft and secure disposal.
Personally I'm more worried about someone stealing the entire server or a local threat actor.
Sure, keep TPM to help with boot integrity, maybe even a factor for unlock, but things like Clevis+Tang (or Bitlock Network Unlock for our windows brethren) is essential in my opinion.
TPM locking is for ensuring the disk isn't removed from your machine. It's technically possible that someone could tap the hardware while the disk is still in your machine, but otherwise they're stuck contending with whatever other security setup you have on your machine.
The TPM locked disk encryption is more like embedding your safe in concrete with deep foundations. It doesn't affect the thickness or quality of your safe.
In what way is TPM protecting your data if someone steals the entire server? TPM only ensures that the boot environment has not been modified. Whatever key is being used to automatically decrypt the disk would be in the clear.
Unless I'm misunderstanding your situation, I think you should look up the "Evil Maid Attack" to better understand how to mitigate risk for your threat model.
assuming there are no bugs in linux and you enable full memory encryption in BIOS, it protects you in the same way the FBI cant get into a locked iphone they physically posess
but linux is not as secure as an iphone, and linux users typically dont know how to set this up, so in practice you are right, it doesnt protect you
My threat model is a junkie breaks in to my house and flips my server on facebook marketplace. Then the buyer curiously pokes through my hard drives. Of course if protecting against government agencies is the threat model then TPM alone isn't enough.
For me, a zero friction way to have decent security is worlds better than the normal state where homeservers are not encrypted at all.
I just don't understand where the protection comes from if you have automatic password entry. If the thief boots up the server it is just as convenient for them as it is for you.
Your threat model is the same as my use of a laptop: regular LUKS with a password is enough on its own. Add TPM if you want to know that you're entering your password in a secure boot environment (ie. protect against a fake LUKS screen that steals your password).
Because you'll boot up in to a password prompt. So you'd need a password bypass exploit to get in. If you attempt to change the boot device or kernel the TPM won't release the key.
Yes, but not by automating the password process. You could probably do some sort of remote authentication with a custom iniramfs that will "phone home" for a key but that initramfs, even if signed and protected from tampering, is still exposing the authentication end point.
The attacker would just need to spoof the request to gain the key.
The comments there note there is no official Ubuntu MATE release for the first time since Ubuntu 15 (and before 14.04 gnome2 was an option). That's a shame but probably most people who chose MATE (or gnome2) no longer chose Ubuntu due to the conflicting ideologies inherent in the two. MATE users generally don't like change for change's sake.
not sure if this confirms the impression you have there... I wasn't like this until a couple of headless VPS'es (on Arm8) got through the upgrade from 18.x -> 20.x -> 22.x and then crashed out over -> 24.x for a still unknown reason. now I'm just afraid .. or I should say reluctant ..to repeat that whole fiasco.
There were some issues with how the menu icon manager handled the new security policy defaults. This means the editor will break, and the displayed menu may be missing any item that didn't follow the naming convention syntax. Its a lot of packages to bring into compliance, for that one silly feature the devs had to put in before it was ready...
Maybe they fixed it since the rc release, but there were some rough edges in Feb... the kernel USB support cooked the thumb drive partition structure.
In 22.04 to 24.04 the kernel Nvidia GPU driver EOL abandonment began... In 26.04 people will discover most EOL hardware support prior to RTX series will be difficult to bring up.
Probably wise to wait a few weeks for the bug reports to clear out a bit. =3
What should I use if I like Ubuntu but not snap, just Debian? Or are there alternatives around? Seems like Ubuntu has the best hardware and driver support so just curious what's new in Linux land.
This looks like it might be the best solution, no snap, maintained by an actual system integrator and laptop maker, and I also like the new Rust-based desktop environment. I wonder how well it runs on Framework laptops or MacBooks as well.
Linux Mint, Zorin OS, Linux Lite, Pop OS, and several less famous distros are all based on Ubuntu. New versions of all of them will follow this new LTS release in time.
Mint forked GNOME 3 to make something more Windows-like.
Zorin customised upstream GNOME with a lot of extensions.
Pop removed it and replaced it with their own homegrown desktop, written in Rust. It's actually pretty good and works well.
PopOS started as Ubuntu with better hardware enablment but it has evolved far beyond that. They have been removing all the snap stuff. The have done tons of work on DE (Cosmic) and in general don't go along with Gnome or Ubuntu strangness. But yes its Ubuntu and Debian derived.
I distro hopped for a while and settled on Linux mint. Uses flat packs. Hits the spot for easy to use and easy to maintain without needing to use terminal scripts to get things my way. Just my opinion.
I’m curious about proprietary Nvidia drivers. Ubuntu normally comes with fairly outdated, if not obsolete ones, but there’s a semi-official PPA with more recent versions. How does Debian handle this?
I have used Pop OS for years and for me it was the most smooth desktop environment I've ever used.
They have been working on a custom Desktop Environment which sadly still isn't very stable yet. Promising development, but putting me off of using Pop for a while.
I just put the new popos on my laptop and am still running the old version on my primary desktop. Agreed that Cosmic is not quite ready for prime time yet, but it is pretty impressive the state it's in for how new it is. Haven't had any show stopping bugs on the laptop, just a few small quirks.
Debian has their own nvidia driver packages (it's nvidia's drivers repackaged in a nice way that integrates with the system well). I can't say if they're "outdated" or how different they are from what ubuntu ships, but they've always worked very well for me.
Debian offers Nvidia drivers as well although they tend to be outdated. Thankfully you can use Nvidia's official .deb repos to get the latest drivers on both Debian and Ubuntu.
Awesome, this must be a recent thing, when I last checked about a year ago the latest drivers from restricted were a couple versions behind. Many people always complained about it on reddit, AskUbuntu etc, which is where I found out about the PPA.
We deployed 570 and 580 in the April-June 2025 time frame, so I'm not sure what you were looking at, but they've tried to keep up with the latest for a while.
Anyway, the main issue with Debian, Ubuntu, and Nvidia is about licensing. GNU/Linux is free software, and Nvidia drivers are not. Loading a non-free driver is known as “Tainting the Kernel”.
Now Debian is packaging non-free drivers in the iso images directly. I would suggest to try Debian first, if it works well for you just keep it.
If you feel the need for newer packages, try other alternatives (or Debian unstable). I’ve set down on Fedora with XFCE, it’s really stable yet packages feel new.
The issue is them adding it back, sometimes even on apt upgrade, or silently installing it as a dependency for certain apps without mentioning it unless you look closely. That gets tiring after a while and I gave up on Ubuntu as even after having removed snap multiple times it always returned.
Or, for a more server-appropriate example, 'frr'. The BGP daemon. It's not just desktop things like 'firefox' before someone tries that angle.
I haven't tried it in a few LTS releases and I'm away from a computer. Still, I'd bet this release continues the pattern. Fat chance Canonical decided to go back to more build targets/backporting/testing.
I've not used Linux on the desktop for some years⁰ but as I move back this sort of thing is why I'm not considering Ubuntu². If I want to dig into settings like that to keep my preferences I might as well stick with Windows.
Yes, the control to be able to tweak the system to my liking is one of the attractions or Linux, but not when I have to in order to avoid behaviours that I don't want being reasserted.
[not that I expect nor particularly want Ubuntu to change, I just accept that I'm not part of its target audience and I'll be better served elsewhere - choice is a great thing!]
----
[0] heading back there now as Windows11 is not happening on my home machines¹, I feel that I shouldn't have let Windows10 happen, looking back.
[1] aside from the laptop that came with it that I'll keep there for Office and DayJob compatibility for a while.
[2] Currently running Debian³ on the other laptop, main desktop will likely go that way if it isn't decommissioned completely, and I use a dock with the laptops instead.
[3] As that is what I use server-side more often than not.
Not listening to users is what drove me away from windows. Not a fan of snaps either (or forced windows updates). Recently re-tried linux going to debian instead, which i really like. Reminds me of the old dos days. Gnome was a no-go, kde was nice but too buggy, cinnamon turned out to be perfect. So here i am, on linux finally, enjoying having my computer back and playing around like its 1992 again.
I was using Ubuntu and installed the apt version of Firefox as the snap version would not open html files in locations like /var/tmp and would not work with USB devices. Every time I ran `do-release-upgrade`, all of that work would need to be redone. It was very annoying.
Ubuntu is the Windows 11 of Linux. You have to do brain surgery on it post install, to remove unwanted crap. At least there's the option of using a different distro.
Dunno about the this release, but till 24.4 it was simply a matter of removing some packages then holding/masking the primary snapd one, followed by manually adding the official PPAs for Mozilla’s stuff (or just use the Flatpak).
Of course, there’s still the philosophical and long term issues with staying on a distro that’s promoting and continuosuly expanding the thing you dislike…
This is what I do, because on my work computer IT imposed Ubuntu.
I initially tried to just use snaps but firefox was crashing quite often so I had to go with adding the mozilla's repository and of course configure the fake "firefox" package that actually installs the snap to be low priority for apt.
This is a bad strategy, I fell victim for. I configured so it would use apt instead of snap package, but canonical silently stopped shipping packages and I was running some packages that were not updated for a long time and debugging weird bugs, because I didn't assume that this was a problem. If one wants Ubuntu, one must accept snap. If you use apt with disallowed transition to snap, you might be stuck with old packages that were transitioned to snap.
My choice for now is Debian, didn't finish transition yet, very annoying to plan this in my schedule. I'll churn from Ubuntu after more than 15 years of daily driving... I also don't like ubuntu user with uid:gid 1000 in their Docker images. It's a cancer.
+1. I recently picked up a secondhand Framework, and, after almost 15 years of holding out with Mint + MATE, berated myself for resisting change and put in an unreasonable amount of effort trying to modernize and reacclimate to Ubuntu + GNOME 3.
It was painful, with an endless laundry list of things to troubleshoot, tinker with, and add to my digital notebook in attempt to get anything resembling a personally ergonomic workflow.
I implore anyone to just go with Mint or anything else that takes care of ripping out snaps for you if you don't want snaps (but otherwise still like or are used to most things about Ubuntu). There were too many downstream and other issues, related and unrelated, for my sanity.
Like someone else said, if I have to dig through settings to do that then I might as well use Windows. It's better to use something that doesn't even have snap in the first place via another distro than play cat and mouse with Canonical.
I have a year ago switched from Ubuntu to Fedora and I like it. Clean and stable. Uses Flatpak. I'm using Fedora Workstation which is the default, but Fedora KDE Plasma seems to be nice as well if you want to have more configuration options available directly in the GUI. And the layout is more Windows like with start button menu etc for people coming from the Windows side.
Gaming-oriented distros like CachyOS and Bazzite might be what you want. I'm on Cachy and can recommend it. Because they try to "just work" without jumping through hoops.
Even though I very much intenseley dislike the completely unintuitive idiosyncratic package management that Arch has. Which is further not helped by the fact that Cachy's default GUI for it isn't even integrated properly.
I was in the same spot recently, and my friends recommend Linux Mint. It is built on top of Ubuntu LTS, and no snap. I've been using it for the past few weeks in my old desktop computer. Definitely Good. Perfect fit for your needs
I switched to Debian and have been happy with it. The release cycle is less frequent than Ubuntu Desktop, which means fewer disruptions, and Debian Backports make it easy to pick new versions of the important stuff. Flatpak is also available on Debian.
Linux Mint is widely praised for being basically Ubuntu without the worst Canonicalisms (such as Snap). They maintain a Debian edition in parallel to their main one, as an exit strategy in case Ubuntu ever becomes unsuitable for their base. Some people already use that as their daily driver.
Just in case you're not aware, the default desktop environment on whatever distro you pick doesn't have to be what you use. I switched to KDE Plasma when Gtk-based desktops became intolerable, and haven't looked back.
Do the Mint team treat fixing the other half of the problem, the GNOMEisms, as out-of-scope?
Asking because I maintain my own pile of gsettings and .gtkrc tweaks as mitigations yet pain points remain, apparently unfixable outside the source code.
Their approach to GNOMEisms is to officially support three desktop editions: Cinnamon (based on GNOME 3), MATE (based on GNOME 2), and Xfce (based on more recent Gtk). I don't think they try to tame modern GNOME, and I wouldn't expect them to, since that would be an endlessly difficult moving target.
If you want more detail, you should ask someone who still uses Gtk-based desktops, or try them yourself. I gave up on Gtk a couple years ago.
MX Linux also looks interesting. Like Ubuntu, it's a Debian derivative. It offers a supported path for avoiding systemd and has an official KDE Plasma edition, both of which appeal to me. I haven't had a chance to try it yet.
“Urban myth” kind of suggests that it was never true, which isn't the case, though it is one of those out-dated truths that doesn't go away quickly.
At one time Ubuntu as the easiest distro to get certain hardware running with because of the inclusion of proprietary drivers & codecs (unlike its Debian parent, amongst others, at least at the time) and making them easy, near-automatic, to configure compared to others that did include them. The distinction is long gone, and Ubuntu is simply one of several (many) good ones in that regard, but the perception that others have not long since caught up persists.
It used to be true. I've never had problems using the proprietary Nvidia drivers on Ubuntu. You used to have to jump through a bunch of hoops to get them installed on Debian. Now Ubuntu lags behind on kernel versions leaving new hardware less usable.
I can't believe people like Snap when in the name of security it breaks basic things such as accessing a folder on a different mount point that the user normally can access perfectly fine.
A packaging system should not break the basic abstractions of an OS.
Yeah, this was the frustrating bit to me. I use Firefox to look at stuff that lives in /tmp/, Snap Firefox can't do this. I'd remove Snap Firefox, pin the priorities and it would still silently crawl it's way back in after a week or two no matter what I tried. I gave up Ubuntu. Earlier versions used to respect the priorities but something changed.
Easier said than done, surprise: apt, who we know and love, is redirected to Snap for an ever-increasing number of packages.
"Don't use Snap", you say? I'll do you one better! Skip Ubuntu. 'Just' use anything else more suitable. Debian is an excellent replacement being upstream, but I hold no illusions over undeclared requirements.
Some server stuff is hit too! I learned about this pattern through the BGP daemon 'frr'. No idea how many server packages are/may be captured by Snap, but it's worth being aware of. Imagine my surprise. Remove it and bam, no networking.
Doing a quick test on 24.04: on a system without snapd installed, `apt install frr` installs packages and not any Snap stuff. Will have to see about 26.04 when I get a moment.
Thanks for digging in, as I mentioned earlier in this thread/another [lost track], I haven't messed with this in at least two LTS releases. Good to see it's aware at install time; this wasn't always the case.
How about the inverse, purging? At one point, removing Snap would lose BGP announcements [through the loss of the 'frr' software/service it was managing].
Anyway, I'm willing to believe most of my install/dependency-resolution pain was inspired by [and limited to] 18.04 or whatever was immediately after. We had a fleet of systems inadvertently moved to Snap, only learned through a loss of announcements on removal.
edit: Tested on a 24.04 box I had laying around; removing Snap does indeed still rip out things one might want:
Likely fine in your case, where if memory serves, you're removing Snap in the image/provisioning stage. Cooks in busy kitchens may still be surprised, however. The real problem appears solved: 'you' get the software 'you' asked for.
> With 24.04 at least, doing an 'apt purge snapd' seems to be quite useful. Is that not sufficient?
For the moment, later pulling a package that is redirected would undo that effort. As the peer points out, too, that would likely rip out stuff you're using without having already configured preference.
One could maintain a boundless list of configs pinning repository preferences... or they could use a distribution that doesn't have a predisposition towards Snap.
Snap is preinstalled on all official Ubuntu graphical editions.
However, Xubuntu's _Minimal_ install does not include any snap packages at all, not even a browser. This means it's trivial to remove snapd:
sudo apt purge snapd
Then you can install the `extrepo` command, and use it to install Firefox ESR direct from Mozilla's repos, or Chrome from Google's repos.
Once it's online you can copy and paste a couple of commands to "pin" snapd and prevent it from being reinstalled. Then you can switch to current Firefox or anything else without snapd sneaking back in.
Xubuntu Minimal is also available as a separate ISO file, which is not true of any of the other flavours.
Both are great. I'm currently using the Debian Editon, that at least for me works out of the box. The transition from the Ubuntu-based traditional edition was seamless. I used Mint MATE before.
If you want something desktop oriented and Ubuntu based without the focus on snaps, take a look at Linux Mint: https://www.linuxmint.com/ (there's Cinnamon, Xfce and MATE versions; personally I think Cinnamon is pretty good nowadays)
> What should I use if I like Ubuntu but not snap […]
Because of business needs, if you're stuck with using Ubuntu (at least in some situations), an `apt(-get) purge snapd` helps. It's in all of our auto/post-install stuff.
Debian is fine but their kernels are so old if you have any new hardware it can be clunky and you have to fiddle with backports of the bleeding edge version
Ubuntu LTS is still the choice for many production environments and education and learning. As someone with Ubuntu from 2010 CDs, I find it refreshing that modern Ubuntu distros work OOB on most computers these days with excellent driver support.
Is this even true? I mean, Windows is the main focus for all hardware vendors, and everybody who has owned a PC knows that malfunctions are unavoidable. If that is the case for Windows, then Linux cant be better.
When I was shopping Lenovo.com for my ThinkPad in 2018, there was a table with ThinkPads certified for Ubuntu Linux in one column, and certified for Red Hat Enterprise Linux in another column.
I chose the T580 as a RHEL-certified notebook, and it was fantastic. Lenovo.com let me configure each individual component exactly according to my needs and tastes, and it was custom-assembled and shipped from Shenzhen.
It did arrive with Windows 10 pre-installed (this was the least hassle and most popular OS option). I initially installed CentOS, but quickly realized that Fedora would be the sweet spot, and so it was a Fedora system for most of its lifetime. Near the end, I did revert to Windows 10, which also worked flawlessly.
The ThinkPad T580 literally never malfunctioned. It was still 100% working when I turned it in for recycling in 2025.
I've also run Ubuntu on my "daily driver" desktop system, which ran from 2006-2022. Yes, that's 16 years' worth of Ubuntu installs and upgrades. It was mostly a KDE Plasma (Kubuntu) system. I enjoyed every bit of that.
In 1999, I was avidly using OpenBSD on really old hardware (such as HP Apollo 425t workstations.) OpenBSD simply couldn't deal with the special graphics subsystem on those machines. I tried and tried to get something working, but there were obstacles, not only with the hardware and drivers, but also the monitor connection needed a particular type of cabling and a proprietary monitor, too.
However, OpenBSD did great for networking, security, Squid cache, proxies, all kinds of things. And even in 1999, though it was early, I ran Linux on a 386DX-40, because Linux supported the "ftape" floppy tape driver at that time, and I had some kind of QIC tape backup from Eagle that wouldn't be recognized by OpenBSD or NetBSD.
Meanwhile, in that same year, my "daily driver" desktop machine was a 486 with VLB, dual-booting Windows 98 and OpenBSD. The Windows 98 was set up with a Cygwin system and X11 server, so that I could run X11 clients on the OpenBSD machines, or the Linux machine, or whatever else was on the LAN.
20 years ago your Linux installation might not include wifi drivers, bluetooth support, decent GPU drivers, fat32/ntfs drivers, or the widely used video/audio codecs of the era. And you had to be careful when shopping for things like wifi cards, as only certain chipsets could be made to work.
Much of which was kinda fair enough, because if you're a volunteer making an open source OS because of a strong belief on the open source ideal, you don't want to distribute closed-source driver blobs or patent-encumbered codecs. But it meant mean the initial installation process was not always easy. One of the things that contributed to the success of Ubuntu was a particularly easy initial setup process.
Today, things are a lot better - you'll still get unsupported hardware from time to time, but it'll be much less severe. If your laptop has a non-USB integrated camera you might have to download and install a kernel module. Your corporate laptop's built in fingerprint scanner might not work, but who cares?
> 20 years ago your Linux installation might not include wifi drivers, bluetooth support, decent GPU drivers, fat32/ntfs drivers, or the widely used video/audio codecs of the era.
To be quite fair, this is pretty much the only reason Ubuntu exists. It started off as "Debian for people who just want stuff to work", but these days Debian even ships non-free wifi drivers on the install media. I've personally used both extensively and apart from the "enterprise support" argument and the minor convenience of having ZFS pre-compiled, I see no reason to use Ubuntu.
https://meetbot.fedoraproject.org/meeting_matrix_fedoraproje...
https://youtu.be/RuxNnfllxco?t=3894 - Neal Gompa on the Fedora 44 Release party stream,
This is going to be very useful for servers hosted in third party DCs.
Personally I'm more worried about someone stealing the entire server or a local threat actor.
Sure, keep TPM to help with boot integrity, maybe even a factor for unlock, but things like Clevis+Tang (or Bitlock Network Unlock for our windows brethren) is essential in my opinion.
The TPM locked disk encryption is more like embedding your safe in concrete with deep foundations. It doesn't affect the thickness or quality of your safe.
Unless I'm misunderstanding your situation, I think you should look up the "Evil Maid Attack" to better understand how to mitigate risk for your threat model.
but linux is not as secure as an iphone, and linux users typically dont know how to set this up, so in practice you are right, it doesnt protect you
For me, a zero friction way to have decent security is worlds better than the normal state where homeservers are not encrypted at all.
Your threat model is the same as my use of a laptop: regular LUKS with a password is enough on its own. Add TPM if you want to know that you're entering your password in a secure boot environment (ie. protect against a fake LUKS screen that steals your password).
The attacker would just need to spoof the request to gain the key.
not sure if this confirms the impression you have there... I wasn't like this until a couple of headless VPS'es (on Arm8) got through the upgrade from 18.x -> 20.x -> 22.x and then crashed out over -> 24.x for a still unknown reason. now I'm just afraid .. or I should say reluctant ..to repeat that whole fiasco.
https://cdimage.ubuntu.com/ubuntu-mate/daily-live/current/
Maybe they fixed it since the rc release, but there were some rough edges in Feb... the kernel USB support cooked the thumb drive partition structure.
In 22.04 to 24.04 the kernel Nvidia GPU driver EOL abandonment began... In 26.04 people will discover most EOL hardware support prior to RTX series will be difficult to bring up.
Probably wise to wait a few weeks for the bug reports to clear out a bit. =3
Linux Mint, Zorin OS, Linux Lite, Pop OS, and several less famous distros are all based on Ubuntu. New versions of all of them will follow this new LTS release in time.
Mint forked GNOME 3 to make something more Windows-like.
Zorin customised upstream GNOME with a lot of extensions.
Pop removed it and replaced it with their own homegrown desktop, written in Rust. It's actually pretty good and works well.
They have been working on a custom Desktop Environment which sadly still isn't very stable yet. Promising development, but putting me off of using Pop for a while.
Ubuntu 24.04 currently comes with 590, which is the most recent working driver.
I see the latest—580, 590, 595—available (scroll to bottom):
* https://packages.ubuntu.com/search?keywords=nvidia-dkms
Am I missing something?
Anyway, the main issue with Debian, Ubuntu, and Nvidia is about licensing. GNU/Linux is free software, and Nvidia drivers are not. Loading a non-free driver is known as “Tainting the Kernel”.
https://wiki.debian.org/NvidiaGraphicsDrivers
The information on their wiki may be a year out of date. But the principles still apply.
If you feel the need for newer packages, try other alternatives (or Debian unstable). I’ve set down on Fedora with XFCE, it’s really stable yet packages feel new.
Make a list of all ppa before proceeding.
What is your use case?
I haven't tried it in a few LTS releases and I'm away from a computer. Still, I'd bet this release continues the pattern. Fat chance Canonical decided to go back to more build targets/backporting/testing.
Do you mean you just don't follow instructions?
Yes, the control to be able to tweak the system to my liking is one of the attractions or Linux, but not when I have to in order to avoid behaviours that I don't want being reasserted.
[not that I expect nor particularly want Ubuntu to change, I just accept that I'm not part of its target audience and I'll be better served elsewhere - choice is a great thing!]
----
[0] heading back there now as Windows11 is not happening on my home machines¹, I feel that I shouldn't have let Windows10 happen, looking back.
[1] aside from the laptop that came with it that I'll keep there for Office and DayJob compatibility for a while.
[2] Currently running Debian³ on the other laptop, main desktop will likely go that way if it isn't decommissioned completely, and I use a dock with the laptops instead.
[3] As that is what I use server-side more often than not.
I was using Ubuntu and installed the apt version of Firefox as the snap version would not open html files in locations like /var/tmp and would not work with USB devices. Every time I ran `do-release-upgrade`, all of that work would need to be redone. It was very annoying.
Dunno about the this release, but till 24.4 it was simply a matter of removing some packages then holding/masking the primary snapd one, followed by manually adding the official PPAs for Mozilla’s stuff (or just use the Flatpak).
Of course, there’s still the philosophical and long term issues with staying on a distro that’s promoting and continuosuly expanding the thing you dislike…
I initially tried to just use snaps but firefox was crashing quite often so I had to go with adding the mozilla's repository and of course configure the fake "firefox" package that actually installs the snap to be low priority for apt.
My choice for now is Debian, didn't finish transition yet, very annoying to plan this in my schedule. I'll churn from Ubuntu after more than 15 years of daily driving... I also don't like ubuntu user with uid:gid 1000 in their Docker images. It's a cancer.
It was painful, with an endless laundry list of things to troubleshoot, tinker with, and add to my digital notebook in attempt to get anything resembling a personally ergonomic workflow.
I implore anyone to just go with Mint or anything else that takes care of ripping out snaps for you if you don't want snaps (but otherwise still like or are used to most things about Ubuntu). There were too many downstream and other issues, related and unrelated, for my sanity.
I was merely saying that you a couple commands you can uninstall snap and disable it from appearing ever again.
Even though I very much intenseley dislike the completely unintuitive idiosyncratic package management that Arch has. Which is further not helped by the fact that Cachy's default GUI for it isn't even integrated properly.
Linux Mint is widely praised for being basically Ubuntu without the worst Canonicalisms (such as Snap). They maintain a Debian edition in parallel to their main one, as an exit strategy in case Ubuntu ever becomes unsuitable for their base. Some people already use that as their daily driver.
Just in case you're not aware, the default desktop environment on whatever distro you pick doesn't have to be what you use. I switched to KDE Plasma when Gtk-based desktops became intolerable, and haven't looked back.
Do the Mint team treat fixing the other half of the problem, the GNOMEisms, as out-of-scope?
Asking because I maintain my own pile of gsettings and .gtkrc tweaks as mitigations yet pain points remain, apparently unfixable outside the source code.
If you want more detail, you should ask someone who still uses Gtk-based desktops, or try them yourself. I gave up on Gtk a couple years ago.
MX Linux also looks interesting. Like Ubuntu, it's a Debian derivative. It offers a supported path for avoiding systemd and has an official KDE Plasma edition, both of which appeal to me. I haven't had a chance to try it yet.
It is an urban myth
At one time Ubuntu as the easiest distro to get certain hardware running with because of the inclusion of proprietary drivers & codecs (unlike its Debian parent, amongst others, at least at the time) and making them easy, near-automatic, to configure compared to others that did include them. The distinction is long gone, and Ubuntu is simply one of several (many) good ones in that regard, but the perception that others have not long since caught up persists.
A packaging system should not break the basic abstractions of an OS.
"Don't use Snap", you say? I'll do you one better! Skip Ubuntu. 'Just' use anything else more suitable. Debian is an excellent replacement being upstream, but I hold no illusions over undeclared requirements.
With 24.04 at least, doing an 'apt purge snapd' seems to be quite useful. Is that not sufficient?
For servers, this may not be a problem for us. Currently on 24.04, so will have to see how things are ≥25.10.
* https://packages.ubuntu.com/search?keywords=frr
in addition to a Snap:
* https://snapcraft.io/install/frr/ubuntu
Doing a quick test on 24.04: on a system without snapd installed, `apt install frr` installs packages and not any Snap stuff. Will have to see about 26.04 when I get a moment.
How about the inverse, purging? At one point, removing Snap would lose BGP announcements [through the loss of the 'frr' software/service it was managing].
Anyway, I'm willing to believe most of my install/dependency-resolution pain was inspired by [and limited to] 18.04 or whatever was immediately after. We had a fleet of systems inadvertently moved to Snap, only learned through a loss of announcements on removal.
edit: Tested on a 24.04 box I had laying around; removing Snap does indeed still rip out things one might want:
Likely fine in your case, where if memory serves, you're removing Snap in the image/provisioning stage. Cooks in busy kitchens may still be surprised, however. The real problem appears solved: 'you' get the software 'you' asked for.For the moment, later pulling a package that is redirected would undo that effort. As the peer points out, too, that would likely rip out stuff you're using without having already configured preference.
One could maintain a boundless list of configs pinning repository preferences... or they could use a distribution that doesn't have a predisposition towards Snap.
Snap is preinstalled on all official Ubuntu graphical editions.
However, Xubuntu's _Minimal_ install does not include any snap packages at all, not even a browser. This means it's trivial to remove snapd:
sudo apt purge snapd
Then you can install the `extrepo` command, and use it to install Firefox ESR direct from Mozilla's repos, or Chrome from Google's repos.
Once it's online you can copy and paste a couple of commands to "pin" snapd and prevent it from being reinstalled. Then you can switch to current Firefox or anything else without snapd sneaking back in.
Xubuntu Minimal is also available as a separate ISO file, which is not true of any of the other flavours.
https://en.wikipedia.org/wiki/Nvidia_Jetson#Software
The other things mentioned in that Wikipedia page are not open source.
(as far as I can tell)
Use Fedora if you dislike snap. Canonical has made their stance clear and are hostile to users for a long time now on this matter.
You get all the driver support and tools from the Ubuntu base, with some nice additons. However, not all desktop environment are supported.
If you want something desktop oriented and Ubuntu based without the focus on snaps, take a look at Linux Mint: https://www.linuxmint.com/ (there's Cinnamon, Xfce and MATE versions; personally I think Cinnamon is pretty good nowadays)
Because of business needs, if you're stuck with using Ubuntu (at least in some situations), an `apt(-get) purge snapd` helps. It's in all of our auto/post-install stuff.
But my recent upgrade to Pop version 24.04 has been a bit of a step back in terms of desktop experience.
I suspect it's growing pains from (switching to Wayland) + (non-System76 hardware) + (laptop with nVidia dGPU + external monitor).
So with different hardware, and/or some more time to mature, this Pop release will probably be a very solid choice.
2. Install the kernel from Backports.
I don't think of such a simple process as "fiddling", but to each his own I guess.
Distro like Ubuntu are a fair compromise to get amd/nvidia GPU drivers, wifi, and brother laser printer/scanner networking installed. =3
edit: seriously, why down vote the guys karma if its a honest question. Try to be kind people.
When I was shopping Lenovo.com for my ThinkPad in 2018, there was a table with ThinkPads certified for Ubuntu Linux in one column, and certified for Red Hat Enterprise Linux in another column.
I chose the T580 as a RHEL-certified notebook, and it was fantastic. Lenovo.com let me configure each individual component exactly according to my needs and tastes, and it was custom-assembled and shipped from Shenzhen.
It did arrive with Windows 10 pre-installed (this was the least hassle and most popular OS option). I initially installed CentOS, but quickly realized that Fedora would be the sweet spot, and so it was a Fedora system for most of its lifetime. Near the end, I did revert to Windows 10, which also worked flawlessly.
The ThinkPad T580 literally never malfunctioned. It was still 100% working when I turned it in for recycling in 2025.
I've also run Ubuntu on my "daily driver" desktop system, which ran from 2006-2022. Yes, that's 16 years' worth of Ubuntu installs and upgrades. It was mostly a KDE Plasma (Kubuntu) system. I enjoyed every bit of that.
In 1999, I was avidly using OpenBSD on really old hardware (such as HP Apollo 425t workstations.) OpenBSD simply couldn't deal with the special graphics subsystem on those machines. I tried and tried to get something working, but there were obstacles, not only with the hardware and drivers, but also the monitor connection needed a particular type of cabling and a proprietary monitor, too.
However, OpenBSD did great for networking, security, Squid cache, proxies, all kinds of things. And even in 1999, though it was early, I ran Linux on a 386DX-40, because Linux supported the "ftape" floppy tape driver at that time, and I had some kind of QIC tape backup from Eagle that wouldn't be recognized by OpenBSD or NetBSD.
Meanwhile, in that same year, my "daily driver" desktop machine was a 486 with VLB, dual-booting Windows 98 and OpenBSD. The Windows 98 was set up with a Cygwin system and X11 server, so that I could run X11 clients on the OpenBSD machines, or the Linux machine, or whatever else was on the LAN.
20 years ago your Linux installation might not include wifi drivers, bluetooth support, decent GPU drivers, fat32/ntfs drivers, or the widely used video/audio codecs of the era. And you had to be careful when shopping for things like wifi cards, as only certain chipsets could be made to work.
Much of which was kinda fair enough, because if you're a volunteer making an open source OS because of a strong belief on the open source ideal, you don't want to distribute closed-source driver blobs or patent-encumbered codecs. But it meant mean the initial installation process was not always easy. One of the things that contributed to the success of Ubuntu was a particularly easy initial setup process.
Today, things are a lot better - you'll still get unsupported hardware from time to time, but it'll be much less severe. If your laptop has a non-USB integrated camera you might have to download and install a kernel module. Your corporate laptop's built in fingerprint scanner might not work, but who cares?
To be quite fair, this is pretty much the only reason Ubuntu exists. It started off as "Debian for people who just want stuff to work", but these days Debian even ships non-free wifi drivers on the install media. I've personally used both extensively and apart from the "enterprise support" argument and the minor convenience of having ZFS pre-compiled, I see no reason to use Ubuntu.
https://discourse.ubuntu.com/t/an-update-on-rust-coreutils/8...
Goes to show that not all security bugs are memory related bugs
I wonder if Redox has a much better API; at least I hope it does.