back to article Dependable Debian is like a rock in a swirling gyre of 'move fast and break things', and version 11 is no different

The Debian 11 is the venerable Debian Project's first new release in more than two years, nicknamed "Bullseye" after the Toy Story character and supplanting Debian 10 "Buster" (all Debian releases bear names from the kids' film). Since Debian is the source from which dozens of other distros draw, notably Ubuntu, its major …

  1. KarMann Silver badge
    Linux

    Good timing for new Debian

    If you're already happy with your distro of choice, there may not be a lot to tempt you into Debian.
    If, on the other hand, you're one of us many disgruntled former CentOS users, this may be right up our alley. I've started using Buster for our new work servers since the debacle, but there should be stuff we need in Bullseye that just wasn't there in Buster.

    1. Smirnov

      If, on the other hand, you're one of us many disgruntled former CentOS users

      "If, on the other hand, you're one of us many disgruntled former CentOS users, this may be right up our alley."

      I'm not sure a purely community-driven Linux distro with a long track record of bad decisions (including some really bad security fuckups) and with just two years of support (plus another three years for the "LTS" support by another, smaller community) makes for a good replacement for classic CentOS (which was pretty much a 1:1 copy of the largest enterprise-level Linux distro, RHEL). Even more so considering that commercial ISV support for Debian is negligible at best.

      Debian is great if you like fiddling with your operating system guts, but it's as far away from what CentOS (Community Enterprise OS) is as any Linux distro can be.

      For disgruntled CentOS users which need the long-term support, stability, reliability and ISV support classic CentOS offered the only real alternatives are to either stick with the RHEL platform and move to one of the CentOS forks such as Rocky Linux, move to the other rpm-based enterprise Linux platform besides RH which SUSE (which is 2nd largest enterprise Linux vendor after RH) and its free distro openSUSE Leap, or go with Ubuntu LTS.

      oepnSUSE Leap is certainly worth a look, even more so considering that thanks to SUSE's management tool YaST it's probably the by far easiest to manage Linux distro out there.

      1. quxinot

        Re: If, on the other hand, you're one of us many disgruntled former CentOS users

        Debian just flat works. Sometimes it takes some work to hammer in 'newer' features that it lags behind on adding, no question! And once it works, it continues to do so.

        But boy, it's a joy to run updates that are improvements instead of needless jerking around with UI elements or other 'improvements' that don't live up to the name.

      2. Blackjack Silver badge

        Re: If, on the other hand, you're one of us many disgruntled former CentOS users

        He said Debian not Ubuntu.

      3. keithpeter Silver badge
        Windows

        Re: If, on the other hand, you're one of us many disgruntled former CentOS users

        "a long track record of bad decisions (including some really bad security fuckups)"

        Have you got a list of these? Would be educational.

        1. Anonymous Coward Silver badge
          Linux

          Re: If, on the other hand, you're one of us many disgruntled former CentOS users

          The main one that sticks in my mind was the not-so-random number generator that seeded ssh-keygen into generating predictable SSH keys.

          But this was a long time ago. Yes, I still use debian wherever I can (well, where it makes sense at least)

        2. Smirnov

          Re: If, on the other hand, you're one of us many disgruntled former CentOS users

          "Have you got a list of these? Would be educational."

          I did find a list some time ago but I no longer have the link. So I'll just link a few examples from memory:

          - There's of course the well-known OpenSSL fiasco (2008?)

          - There's the lesser well known systemd fiasco (2014), although that also affected Ubuntu.

          - In 2018 a bug was found which caused a regular update to remove various packages from servers (that one was great fun for some web hostel I know)

          - Also in 2018 there was another bug where pam-auth-update may empty config files and thereby deactivates all authentication (https://justi.cz/security/2019/01/22/apt-rce.html). Worth noting is that the bug was reported in Nov 1st, 2017 but the first reaction was not until almost 5 months later which for a security-related bug isn't exactly stellar.

          - In 2019 a remote code execution bug in apt/apt-get was found in Debian and derivates which was especially harmful because Debian insists that insecure http is good enough for its repositories. What makes this really said is that a similar bugs were already found in 2014 and 2016, yet no efforts were made to mandate something better than http as default protocol for repositories.

          This is the kind of stuff that should make toenails curl for anyone who needs to maintain a stable and secure Linux platform. Then there is other stupid stuff like this:

          In 2016 they had a bug where Debian's xscreensaver was telling its users that its package is obsolete. In a typical fashion, Debian's community didn't decide to simply update that package with a newer version, no they discussed how they could patch out the warning:

          https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819703

          Here's what the developer of xscreensaver had to say about this:

          https://www.jwz.org/blog/2016/04/i-would-like-debian-to-stop-shipping-xscreensaver/

          As I said, Debian is a great platform if you like to fiddle with the innards of your OS or want to build your own distribution, but in an enterprise scenario it's simply sub-par. That the Debian community is often more focussed on activism than fixing Debian's many problems and often quite toxic (including death threats to main contributors) doesn't help either, also that contributions often come from people who can't even write a proper bug report.

          So if you value what made classic CentOS so great then you won't find that in Debian.

          1. martyn.hare

            Re: If, on the other hand, you're one of us many disgruntled former CentOS users

            Why is this person being downvoted? He isn’t wrong here.

            Debian forked Firefox, leading to Debian-specific bug reports which couldn’t be upstreamed. Then there was the cdrecord/cdrtools incident where a fork (cdrkit) would make coasters out of discs…

            Until Kees Cook contributed security hardening to Ubuntu, Debian was willing to forego key package hardening compiler flags altogether, despite both Red Hat and Novell (at the time) implementing these features almost as soon as they were available.

            To this day, Debian is one of the few mainstream distros which does not confine system daemons out of the box using Mandatory Access Controls. This means stuff running as root really does have root privileges, which is bad news for folks who want traditional server farms…

            On the plus side, they have the most software and the most consistent integration, with in place upgrades being a breeze despite being major jumps in package versions each time. I really cannot complain about how well that side of things is handled. Also, unlike CentOS and Fedora, they don’t exclude things just because they’re non-free, which is refreshingly common sense and a good way to encourage folks to develop for your distro first.

            Also, the non-profit approach has led to superior results in many areas. Debian supports many more architectures and does so in a way where the distro supports true multi arch not just multi lib. This is a key piece of future proofing for legacy compatibility as ARM rears its head; folks will be able to “just run” ARM, x64 and x86 apps seamlessly on Debian while others play catch-up.

            There are pros and cons to everything. Me? I’m going to try WinGet and see if it beats out apt!

      4. teknopaul

        Re: If, on the other hand, you're one of us many disgruntled former CentOS users

        "a purely community-driven Linux" where the community includes heavyweights like Google and Cannonical is more like an industry standard.

        1. Smirnov

          Re: If, on the other hand, you're one of us many disgruntled former CentOS users

          "a purely community-driven Linux" where the community includes heavyweights like Google and Cannonical is more like an industry standard."

          Nope. gLinux is Debian Testing derived but heavily modified, and is used for internal use only (mostly on development PCs). Literally no-one cares for gLinux outside Google. Canonical's Ubuntu is also just Debian derived but Canonical deviates in many areas. Both use the Debian toolset because it's perfect if you want to roll your own Linux distro (so yes, if you define "industry" as those who want to to that then Debian is pretty much the standard). For the end user however, who doesn't want to roll his own, that's pretty irrelevant. Similar for businesses which need a stable and supported platform to run their applications on (unless you're a cloud or hosting provider, in which case you might want to roll your own distro).

          Outside the roll-your-own world of cloud and hosting providers however Debian isn't an "industry standard", not only because it's supported by almost no commercial ISV. The big players here are Red Hat and SUSE, and increasingly Ubuntu as well. Classic CentOS was the free copy of RHEL, openSUSE Leap is the free copy of SEL, and Ubuntu has been free all along. Debian can replace neither of them because even Ubuntu is sufficiently different that it's down to sheer luck if ISV software certified for Ubuntu actually works on Debian.

          BTW, as a an interesting side note, I suggest to have a look which parties actually contribute upstream to the Linux kernel and projects (hint: RHEL and SUSE contribute the most of all Linux vendors while Canonical is pretty much just a taker and contributes less than even Microsoft; same goes for Debian but at least they're not a commercial entity).

      5. TCook1943

        Re: If, on the other hand, you're one of us many disgruntled former CentOS users

        I'd suggest PCL in preference to Suze or failing that Gecko.

      6. This post has been deleted by its author

  2. Pascal Monett Silver badge

    Dependable Debian

    It's nice to know that there are still people out there who know what an OS is and how to make one.

    People who are not dazzled by the latest shiny, nor feel the unsurmountable urge to throw code out there ASAP because this is the new trend.

    An Operating System is supposed to be the bedrock upon which the user can build his software experience. It is not supposed to be the software experience.

    When I retire and get the chance to reconfigure my home office to my personal specifications, I know what I'm going to choose for my home server.

    1. boblongii

      Re: Dependable Debian

      Same here. And it won't be something with systemd in it.

      1. This post has been deleted by its author

      2. Zolko Silver badge

        Re: Dependable Debian

        Same here. And it won't be something with systemd in it.

        then I suggest MX Linux. Debian-based (not Ubunutu like Mint) and SystemD-free. MX-21, based on Debian 11 Bullseye, is in beta2 now.

    2. oiseau
      Facepalm

      Re: Dependable Debian

      Indeed ...

      Save for systemd, the huge lump of unneeded code implanted at its core and whose existence is inexplicably unneeded by the author.

      To quote a recent comment here at ElReg:

      " ... takes root in its host, eats massive quantities of resources as it grows, spreads unchecked into areas unrelated to the initial infection, and refuses to die unless physically removed from the system, all the while doing absolutely nothing of benefit to the host."

      Devuan Linux is just as dependable.

      And much healthier.

      O.

      1. oiseau
        Holmes

        Re: Dependable Debian

        Save for systemd, the huge* lump of unneeded code implanted at its core, the existence of which is inexplicably ignored by the author. ...

        Sorry ...

        Too early, not enough time to edit. 8^/

        * See here.

        O.

  3. keithpeter Silver badge

    Might be worth mentioning that Debian is one of the few distributions that provide a good chunk of the packages on a series of downloadable isos. The DVD1 and DVD2 images will cover most of the common desktop software, very occasionally you might need DVD3. There is also a blue ray iso available with a huge range of binary packages.

    Apt can be set up so that it will use the image(s) as a repository so, if you are planning to be seriously off grid for a year or so, you can install any software you might want to cover unforseen needs. A setup like this is also handy for demonstrating Debian (no Internet related glitches).

    Debian also publish update DVD images periodically. There used to be a bloke in the UK who would post DVDs to you in the days of optical disks!

    (Once you enable the online repository you have to keep using that repository of course)

    I mention this only because it is so unusual.

    1. karlkarl Silver badge

      Agreed. This is actually quite an underrated feature. I personally don't like the constant slurping from a central online repo that many Linux distros don't quite solve (Ports collections (i.e from BSD, Arch, Gentoo) get close because at least they fetch the distfiles from the distributed upstream vendors).

      Whilst the disks are great and provide 99.9% of software you will need, I would say that Debian doesn't make it particularly easy to download the entire repo. You can't just rsync / ftp the mirror because all packages for different archs and releases are munged into one pool hierarchy. Instead you have to use a 3rd party tool (apt-mirror) or parse the sources.list yourself (i.e with awk).

      And of course, snap and flatpack made today won't work on a distro in ~5 years so is fairly useless as a solution (As we learned from chroots, the kernel changes, glibc changes, old glibc will not run on a vastly new kerne, etcl).

      1. Lennart Sorensen

        Certainly doing specific architectures is no problem using the official mirroring tool:

        https://www.debian.org/mirror/ftpmirror#how

        Doing specific releases you can't, but that's not nearly as huge a problem given how much is often shared between stable, testing and unstable.

        1. karlkarl Silver badge

          Honestly, I will always write my own rather than use them.

          Have you tried them? They are a mess.

  4. Anonymous Coward
    Anonymous Coward

    Missing something?

    Am I missing something here?

    Debian 11 is till "testing" and is on RC2........

    https://www.debian.org/releases/bullseye/

    The article implies 11 is "released" - which to me means it should be under "stable" not an RC or under "testing".

    1. Lon24

      Re: Missing something?

      Yes - the writer got confused between RC1/2 which applies to the installer which is proving to be the critical path to 'full' release which is tentatively scheduled for July 31st. Until then it is testing - but apart from installer issues with some amd gpus it is pretty much final. That's the point of a stable release. It's stabler than most others even before final sign off. I've been using the bullseye repositories for months without issue - even on a production system.

      Netherthless the final 'full freeze' isn't until July 17th: https://lists.debian.org/debian-devel-announce/2021/06/msg00000.html

  5. Anonymous Coward
    Anonymous Coward

    Desktop is boring?

    "Debian has a reputation for being a good choice for servers, but a little boring and behind the times on the desktop."

    Maybe it is just me but I don't want an exciting desktop OS. I just want the ability to access files and run applications. In fact on reflection I don't even know what an 'exciting' desktop is.

    1. oiseau
      Facepalm

      Re: Desktop is boring?

      ... don't even know what an 'exciting' desktop is.

      No?

      It's the bane of every Linux distribution out there pretending to have one.

      eg; Gnome 3

      O.

    2. Paul Kinsler

      Re: Debian ... a little boring and behind the times on the desktop.

      Well, that's not fair. You can run a few xterms under twm on *most* linux distros, not just debian. :-)

    3. Anonymous Coward
      Devil

      Re: Desktop is boring?

      > [ ... ] a little boring and behind the times on the desktop.

      Understatement Of The Year.

    4. bombastic bob Silver badge
      Linux

      Re: Desktop is boring?

      well if "NOT boring" means "constantly using intarweb bandwidth (and wall time) to 'move fast and break things' and automatically surprise you with unwanted changes and unnecessary bloatware" then I _DEFINITELY_ approve of 'boring'.

      "bleeding edge" is SO overrated... [why do people do this to themselves?]

      I prefer being able to get work done, and abruptly changing the rules and/or creating instability just slows me down. It's why I like Debian for a lot of things. But I admit, I use Devuan, which is mostly like that too, except no systemd.

      1. jason_derp

        Re: Desktop is boring?

        Progress is a necessary in any field. The acknowledgement that some people will want to try new and unstable environments that could lead to stable and productivity-increasing features, while others will prefer old and stable (but possibly outdated) enviornments is just a part of healthy evolution in any evolving process.

        Remember that there was a time when people were VERY much against using punch cards to count a census. They were considered "unnecessary" and "unreliable". Now you're able to carry around a supercomputer from the 70s in your pocket.

        "Bleeding edge" shouldn't be considered scary or frivolous, it's just a part of progress you happen to not want to participate in.

      2. Anonymous Coward
        WTF?

        Re: Desktop is boring?

        > I prefer being able to get work done [ ... ]

        So ... someone who doesn't use Debian can't get any work done?

        I beg to differ.

        I never understood this semi-cult thing about Debian. That's it's so good and better than the others and somehow a cut above. Never really saw it in real life.

    5. Anonymous Coward
      Anonymous Coward

      Re: Desktop is boring?

      Exciting desktops are ones where when you log in, things have changed. Snaps have updated themselves, unattended-upgrades has broken things, or is running in the background for hours holding a lock so apt (or anything that relies on it, such as the nvidia jetpack sdk manager) doesn't work.

    6. Unicornpiss
      Childcatcher

      Re: Desktop is boring?

      An example of an 'exciting' desktop OS is Windows 10. When it doesn't dazzle, it baffles with its bullshit. You never know what you'll get with the next 'feature update'. Eg., we just had to deploy a group policy to block the idiotic weather and temperature that suddenly appeared on the taskbar with the last update. (which might be marginally useful if it didn't default to a different area than yours if you have location services turned off) It just keeps you guessing. One day it boots, then you shut down and after 20 mins of unexpected updates, what will be broken? it's anyone's guess! And then the Edge browser... Oh yeah, it's edgy all right! Like mystery? You never know how your icons will be arranged, especially if you connect to a different display. 64-bit files are in system32 and 32-bit in syswow64. What a kidder! Mistype a UNC path? You'll be greeted with the court jester network troubleshooter that you have to swear at and cancel. Every. Time. Then there's the utter randomness of what features you'll have or not have, and how the UI will be rearranged with each O365 update. I just can't take any more excitement!

      1. Tilda Rice

        Re: Desktop is boring?

        zz Windows bashing (oh look at me I've "discovered Linux")

        Thought one day we'd grow out of that, clearly not.

        1. Unicornpiss

          Re: Desktop is boring?

          I 'discovered' Linux back in about 1999. It was far more frustrating to me than Windows at the time, though I liked the idea of a totally free (as in beer, and as in speech) operating system. I supported it for years in a previous job. I am grateful to Microsoft for its failings as it certainly helps keep me employed. And some MS efforts are a real masterwork, such as AD. But I love coming home and using Linux. It's like a vacation by a cool river after a day of supporting Windows.

          1. Anonymous Kiwi

            Re: Desktop is boring?

            I "discovered" Linux after my weekly BSoDs turned into daily BSoDs, and recall having two of them one day before giving up. I knew very little about Linux, all I knew was that it was an operating system (which it isn't really), and I knew what that was, from experience with macOS and Windows.

            I found a blank USB in the draw under my desk, and went to the Ubuntu website and downloaded an ISO. After hours of trying to figure out how to put the ISO on the USB, I finally did it. I put the thing in and installed without hesitating.

            Now I use Fedora Silverblue (sometimes, but only when I have to) and helloSystem. Fedora and helloSystem are nearly polar opposites in design philosophy, but they're both easy to use.

            1. Tilda Rice

              Re: Desktop is boring?

              Windows bashing is juvenile. I love OpenBSD, Linux is what it is.

              I had 72 diskettes of slackware whilst many of you were playing hopscotch.

              But bashing Windows is... just silly.

        2. werdsmith Silver badge

          Re: Desktop is boring?

          Thought one day we'd grow out of that, clearly not.

          It’s true but you shouldn’t say it here.

      2. Anonymous Coward
        Anonymous Coward

        Re: Desktop is boring?

        > An example of an 'exciting' desktop OS is Windows 10.

        The article is about Debian. Really, it is.

  6. druck Silver badge
    Thumb Up

    Pi's

    Looking foward to performing over a dozen problem free upgrades to my Raspberry Pi's when the first version of Raspberry Pi OS (bah, Raspbian is a much better name), based on this comes out.

    1. Old Used Programmer

      Re: Pi's

      So I'm not the only one reading this that will be upgrading a lot of Pis. I think by the time I'm done, It'll be closer to two dozen...

    2. Lon24

      Re: Pi's

      Upvote for preferring Raspbian over the 'never can remember the proper format of the new'.

      Delighted to confirm upgrading from 64bit Buster to Bullseye by changing /etc/apt/sources.d worked like a dream. Installing KDE-Plasma makes it a better (if slower) companion to my 'proper' desktop Kubuntu. But then Kubuntu these days usually upgrades smoothly. Whereas I've never managed to upgrade Linux Mint (any edition) from 18 to 19 or 20 without a blank screen leading to junk and re-install.

      I suppose that's to maintain compaibility with Windows 9x which required a wipe/re-install every year to stop it stopping.

      1. quxinot

        Re: Pi's

        LMDE is a weird mix that crosses the Mint and Debian lines. It's like Debian-really-unstable (which is still super solid for desktop use). Stick MATE atop it, and it's blisteringly fast like Xfce, but with just enough more bells to make it more luxurious for daily use. (And yes, I typed XKCD twice before my fingers would allow Xfce!)

        And if you managed to get Windows 9x to last a year without a reinstall, you don't beat your desktops as hard as I do (well, or did at the time, anyway). That was an every-other-month sorta thing, at best!

    3. amacater

      Re: Pi's

      You can, potentially, have vanilla 64 bit arm64 Linux on the Raspberry Pi now with minimal effort.

      I'm writing up how it was done when I did it the other day - if not, use your favourite search engine to find Pete Batard UEFI Raspberry Pi

      Almost identical instructions will allow you to put Debain straight on an external SSD for yoru RPi 4.

  7. Xenobyte

    Breaking things

    "I've been running Debian on servers for well over a decade now and have never had an update break something. Never. "

    Then you haven't been using it long enough. Back when Woody became Sarge (2005) the dist-upgrade broke something truly central: cron. To be precise the upgrade caused the /etc/crontab file to be overwritten with a default version, no questions asked.

    Sure there are other crontabs and they survived just fine but at the time the mantra was to put everything into that one file, which we did. It was a hosting environment so more or less everything was to be executed by root, and this included backups. The crontab also held the backup verification so neither the backup ran nor the job that should alert if it failed somehow. Some months later one upgraded server died due to bad disks and 30 mins later another. They were built with disks from the same batch and they failed like clockwork. On the backup system the retirement of old backups worked like a charm however, leaving no backups of the affected servers... Not really fun.

    Lessons:

    1) Don't ever dist-upgrade a production server. Build a new server with the new distro and transfer the data.

    2) Have the backups checked by an independent system.

    3) Retire old backups by number left, not age.

    1. Leigh Brown
      Linux

      Re: Breaking things

      One issue 16 years ago. I'll take that.

      Yes, you need to take precautions such as taking a backup or maybe testing a few times in non-production servers, but the dist-upgrade process works really well.

    2. Smartypantz

      Re: Breaking things

      I have Production servers that i have been distro upgrading since 4.0 "Sarge", so your point 1. is bullshit, and straight out of the MS-way handbook.

      The whole point of having a stable OS like Debian is exactly to be able to distro upgrade without pulling your hair out. Like the author, i have never had (undocumented), braking, update or upgrade, changes in the hundreds of production systems with Debian, that i have been responsible for over the years.

      Some of us are actually payed to work with this. We can't just "Build a new server and transfer the data, and take our time about it too"

      1. Anonymous Kiwi

        Re: Breaking things

        There is a _very_ good reason why Chrome OS and Android have two root partitions -- you can upgrade one, and if it's broken then you use the other one.

        My Silverblue installation does the same thing.

  8. teknopaul

    Devuan Chimaera

    Devuan Chimaera aka version 4.0 is on the way, based on debian 11: for those that value init freedom.

  9. captain veg Silver badge

    Debian is great

    ... so long as your hardware is supported*. For everyone else, there's Ubuntu and Mint.

    -A.

    *If it's a server, it probably is. New model desktop or portable? Maybe not.

  10. Claptrap314 Silver badge
    FAIL

    It "just works"

    Near the bottom of the article "Some changes to systemd especially are worth studying..."

    Uh huh.

  11. saskwatch
    Linux

    Installing Debian

    My personal preference for installing Debian is to use the "unofficial" repositories which incorporate

    the non-free firmware:

    https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/weekly-builds/amd64/iso-dvd/

  12. Barry Rueger

    Set it and forget it

    I want to install a system and not think about it again for at least five years.

    I date back to the days of DOS and Windows 3.1. Any interest in fiddling with and troubleshooting software is long gone.

    While my partner despairs over endless Windows and Apple mysteries, baffled why something that worked yesterday just stopped, I carry on with my Linux machines that "just work" and most importantly work in the same way month in and month out.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like