this one affected me but there’s a solution here…
1 Like
I’m not sure if it is related, but my video keeps resetting on Tumbleweed. I have a 680M and not Vega nor the ‘raven’ flag. My issue has been better since the last daily update.
I’d be more active in the SuSE forums, but they won’t let me re-register with my original e-mail address. And, I never got around to creating an email alias.
everyone that i’ve encountered with this problem, myself included, describes system freezing where the only way out is a hard reset - your issue sounds different, though i did see a Tumbleweed user that described the freezing issue
in an effort to fix my problem i almost pulled the trigger on Tumbleweed myself - i mostly liked what i saw, but because of browser security (and laziness) i couldn’t log on to their form because it uses a x-domain login system
is Tumbleweed your daily driver? like it? how would you compare to … i dunno, Manjaro or EndevourOS, for ex.?
openSuSE is a true rolling release OS. Overall, I’ve been satisfied. I do use it every day. The biggest adjustment was getting used to their default desktop: KDE. And, they have some patch for Vim that I don’t like, and which I zero out after each update. I’m sure you could switch both the DE and installation source for Vim, but I have not bothered.
The downside is the relatively new kernel and software versions. On my obscure Ryzen 7 6800H mini PC, the software has been pretty unstable at times. Lately, my video will reset. Or my mouse will stop moving for a moment. And the software quality varies from week to week. So, I don’t know whether Tumbleweed will help or hurt the video issue you’re experiencing.
I only use a few traditional apps like Firefox and Vim. So, from that perspective, openSUSE is just as viable as Manjaro. I’ve not tried EndevourOS before. One pain point is proprietary video. I chose to install Vivaldi and run their proprietary video script. There are instructions for adding a VLC plugin repository for Firefox.
You have some other options from openSUSE. “Leap” is their regular release version. And, that should be more stable than Tumbleweed. They also have an immutable release candidate called “Aeon”. Phoronix has some reporting on that.
I tend to default to SuSE. And, I switched back a few years ago after a Manjaro update never installed properly for me. I originally installed SuSE 9.0 from a retail box. And, I tend to think of SuSE the same way other people think of Ubuntu or Red Hat.
Also, historically, SuSE has been associated with App Armor. But, there was a recent article saying that new installations are switching to SELinux. So, you might have to troubleshoot a security barrier if you install additional software. I think I needed to add App Armor rules for file sharing and snap packages when I first set up Tumbleweed.
SuSE is RPM-based. So, that will affect what traditional packages are available for you. But, I do have Snap and Flatpak set up and regularly updating. I can’t speak for Nix packages. And, if you choose Flatpak then you might also want to install Flatseal (a Flatpak app) which allows you to manage permissions (like file system access) for individual apps. For example, I might install Vim from Flathub and then give it access to my local files. Homebrew is another option.
One thing which is helpful is the Qt-based “app store” in openSUSE, which serves as the main method for updating and discovering software. I find it similar to the Ubuntu Software Center. In openSUSE, the app is called “Discover”. Discover should be pinned to the KDE taskbar in new installations.
You should probably also know about “Software” and the openSUSE Build Service:
In terms of backups, I installed into a BTRFS partition. And, I enabled snapshots which lets me boot into a previous snapshot after a bad update. That takes care of software. And, personally, I rsync my data to a NAS which itself has immutable snapshots. That takes care of my data. I have a separate partition (BTRFS subvolume) for data. And, I manually disabled snapshots for that partition so I don’t roll back my data after a bad update. Though, I believe /home is also excluded by default.
either the forum quit sending me mail, or my mail provider is on the blink - i never got notified of recent replies
i ran TW on a live USB and since KDE is my fav DE, most everything is familiar - i don’t really see what the big deal is with YaST, but i guess it’s nice
that’s a very specific AMD issue that’ll be solved with mesa 25.x (i already have a dev build installed, so no more problems)
TW is still on 24.3.x however and i think that’s the one that gave me trouble, so i’ll wait until 25 is on their repo before i switch from Manjaro … which i’m becoming more disillusioned with as time goes by - i don’t like some of the philosophies of the project and i really don’t like the elitist attitude of some of the people involved, and then there’s the stupid things they’ve done in the past
their proposed opt-out (rather than ‘in’) data collection (MDD) has also ruffled a lot of feathers, including mine - maybe they’ve scrapped the idea, i don’t know - the site is 404 now
turns out some bored Arch-er found a big flaw in MDD and uploaded a bunch of crap data to their server to pollute the data and rather than blaming themselves for their incompetence, the Manjaro boys blamed the prankster
far as software, looks like just about everything i need is either in the official repo’s or the packman repo - then there’s the OSB which you mentioned, though i don’t know anything about that yet
Discover i didn’t like - tried it on Manjaro, plus i read some seemingly ligit gripes about how it works
i’m aware of Leap of course, but once i started using a roller, there’s no going back - i guess my dislike of point releases stems from my Winblows days where, in the interest of efficiency and eliminating problems, a new version pretty much required wiping the drive rather than upgrading
you said you’re using the BTRFS file system - i assume you know that’s a lot harder on SSDs
like you, i also rsync everything - i keep ‘sync’ backups as well as archive backups
people that use, or have used TW, seem to really like it - some of those that don’t use it anymore seemed to have switched to EndevourOS or Arch proper, though there are those that went the other way too
anyway, thanks for your feedback
1 Like
I don’t have an AMD GPU, but I always wanted to like openSUSE. Unfortunately YaST did not like zypper and GNOME Software/Discover on the same system and they kept fighting each other. I didn’t get very far with it.
I really want to like the Universal Blue distributions, but I don’t like the fact they’re built from Github CI… otherwise, they’re great. If I could get over that, I’d absolutely be a (mostly) happy user of Bluefin.
Mint is a no-go because no fractional scaling/wayland, Fedora is fine but I so prefer the rolling release model of Arch and TW. Plus combining the main repos with RPMFusion is messy. And other little things that are nicer on Arch. I’m really interested in Ubuntu Core Desktop but it doesn’t exist yet; but I’ve always found mainline Ubuntu buggy and unreliable.
No matter what, I can’t seem to leave Arch…
This discussion has reminded me about backups, though.
1 Like
I will keep an eye out for Mesa 25 while I am updating.
Typically, I use zypper from the command line for updates and some info. You might also take a look at Myrlyn (Phoronix). Though, that is more like a repo manager than the more contemporary app browsers.
I mentioned openSUSE’s instance of OBS because that is where their source is stored. And, I found it difficult to find the first time. Typically, I’ll use either the online software catalog, Discover app browser, or zypper to find software.
I did not know about BTRFS. Though, I have been saved from chrooting by having the option to rollback to a previous BTRFS snapshot.
Apart from some suggestion to set less frequent metadata updates, there does not appear to be authoritative advice. In particular, the BTRFS documentation reads:
Metadata writes tend to be the biggest component of lifetime writes to a SSD, so there is some value in reducing them.
[Remainder of this section.]
… it’s hard to justify wear reduction as a benefit.
What to do:
- run smartctl or self-tests to look for potential issues
- keep the firmware up-to-date
I’m not sure what you found.
- § Solid State Drives | BTRFS Documentation
- SSD Wear | Stack Exchange
- BTRFS relatime vs. noatime | Reddit
I don’t know much about it. But, SUSE is currently held by a private equity company: EQT AB. I mention it because I thought that might affect your decision.
I tried Vanilla a while ago. That distribution is immutable. But, the biggest problem I had was they have five or six different package managers all in different security contexts. I’m not sure how you would feel about that. They have a Discourse Discord server that is active.
With regards to the package manager conflict, I would think that all the software installs on openSUSE are managed by libzypp. So, I’m surprised that there would be some conflict.
zypper info libzypp
Loading repository data...
Reading installed packages...
Information for package libzypp:
--------------------------------
Repository : Main Repository (OSS)
Name : libzypp
Version : 17.36.1-1.1
Arch : x86_64
Vendor : openSUSE
Installed Size : 8.3 MiB
Installed : Yes
Status : up-to-date
Source package : libzypp-17.36.1-1.1.src
Upstream URL : https://github.com/openSUSE/libzypp
Summary : Library for package, patch, pattern and product management
Description :
libzypp is the package management library that powers applications
like YaST, zypper and the openSUSE/SLE implementation of PackageKit.
libzypp provides functionality for a package manager:
* An API for package repository management, supporting most common
repository metadata formats and signed repositories.
* An API for solving packages, products, patterns and patches
(installation, removal, update and distribution upgrade
operations) dependencies, with additional features like locking.
* An API for commiting the transaction to the system over a rpm
target. Supporting deltarpm calculation, media changing and
installation order calculation.
* An API for browsing available and installed software, with some
facilities for programs with an user interface.
regarding BTRFS on an SSD, i saw a notice (more like a warning really) provided by one of the OS vendors, either Endevour or OpenSUSE … or perhaps the latest Manjaro installer - i don’t recall which because i poked around in all 3 installers, but one of them suggested the ext4 FS on SSDs rather than BTRFS
i found packages in OBS that aren’t in the official TW repo (rsgain for ex.) - i guess the OBS stuff has to undergo more testing before it’s moved to official, but i didn’t yet find any warnings regarding system stability with OBS pkgs., whereas with the Packman repo, there’s a prominent warning about using it
that’s something i’ve been wondering about but haven’t looked into, so thanks for naming the co.
edit: yeah, that doesn’t look good - a bunch of acquisitions and partnerships - typical profiteering corporate crap - right now the situation for openSUSE looks ok, but that could change drastically at any moment
1 Like
@mike - regarding Discover having issues, this is where i saw that…
pacman/Tips and tricks - ArchWiki
Warning: PackageKit opens up system permissions by default, and is otherwise not recommended for general usage. See FS#50459 and FS#57943.
1 Like
I never looked at PackageKit before. It appears to be working as intended.
If the problem is:
I have the ability to install software from the repositories and to upgrade the system without entering the admin password.
Then, that’s not a problem because:
PackageKit seeks to introduce automatic updates without having to authenticate as root
I think automatic updates is a good default feature for people who are accustomed to Windows and Mac OS. And, the default update settings in Tumbleweed are to check once per day, notify the user, and the user can click to upgrade. Others might have different assumptions or preferences.
Generally, I’m less concerned about typing the admin password.
And, I’m more concerned about crummy Red Hat software proliferating everywhere.
i don’t have a good understanding of the packagekit issue raised in the arch wiki, but if packagekit can install stuff without a password, that seems problimatic, and especially so if it can do it without prompting (or prompting after the fact)
i’d be curious as to why this doesn’t concern you (in the context of installs) because to me, as a linux nooblet, more or less, that seems scary - i’m thinking about a potentially malicious package that could then auto-install more junk, or non-malicious packages that could install unwanted junk (deps, telemetry, etc.)
ps: an example is firefox - on linux it can’t auto-update (at least not on my system), but it can auto-update extensions if you don’t disallow that and that is potentially very dangerous because a developer can sell or otherwise monetize an extension and turn it into what i would define as malware - this has happened many times and moz’s crappy automated “review” process either doesn’t always catch this stuff, or green-lights it because their guidelines are too lax
from the developer of the once very popular All-in-One Sidebar add-on…
It was always very important for me to be honest and fair to the users. I had very good offers to sell the extension, but I didn’t want to see that AiOS turn into adware or spyware.
My understanding is that any malicious package you have installed on your system can edit auto-loaded files like ~/.bashrc to auto-download and run scripts to do all sorts of nasty things. The root boundary might help with preventing lower level malware like rootkits, though.
You might have heard Gentoo users complain about not being able to remove polkit because systemd depends on it, which is in turn depended on by lots of other core packages, and Gentoo users like running OpenRC. Polkit is what Packagekit uses to gain root privileges to install packages. And yes, it can be exploited: Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug - The GitHub Blog
Auto-updates can be dangerous on Arch because they can break things. You need to check Arch News (which they have been quite lax about updating lately, so nevermind…) before you update. But it’s rarely a security feature. The xz issue, for example, isn’t something you would have known about beforehand and turning off auto-updates would not have saved you (nevermind that it didn’t target Arch systems).
In most cases, auto-updates protect you from exploits because you get security fixes faster. If you have a high level of trust in your distribution (by running it, you’re already trusting them a lot), enabling it would be beneficial.
maybe i’m misunderstanding what you guys mean by auto-update - if the user is informed of a pending update and has to give approval, that’s fine, but since my distro does this anyway, as do at least several others, i don’t think that’s what you mean
it seems you mean auto-install without consent and, for me, that’s a big no-no, whether it’s Arch or otherwise
as for not having having to provide a password, your logic doesn’t sound terribly flawed to me, but then for the slight inconvenience that entails, and whatever slight benefit that may offer, why not
both of you are far more knowledgable regarding Linux however, so there’s that
Mike’s mention of Flathub got me re-thinking that, so in the interest of better isolation i started running the Flatpak version of Firefox today, along with Flatseal - i hate the inefficiency that goes along with that, but i guess it’s worth it for a web browser
edit: yeah, well, that didn’t even last a day - good by Firefox Flatpak - too fiddly for me - till i grant permissions to access this and that and open links from here and there, there’s probably not much isolation left anyway
I don’t know if any distribution offers this - maybe Ubuntu? I agree that auto-updates without consent is too invasive, and I wouldn’t do it. I’m only referring to automatically checking for updates. Mike might have a different opinion.
I do actually have updates automatically applied to my phone with GrapheneOS, but I consider that a totally separate thing…
For Arch, there’s checkupdates from pacman-contrib which you might be able to script…I did try to setup a cron with notify-send way back when but it never quite worked. I only use GNOME Software for updating Flatpaks/Firmware via LVFS as I think the Packagekit implementation for Arch is a little…dodgy.
Your web browser is one of the only scenarios where Flatpak’s sandboxing is unnecessary; Firefox already has a sandbox. In fact, when you use the Firefox Flatpak, it replaces its sandbox with Flatpak…which may not be as secure; see Seirdy’s note here: Flatpak and web browsers - Seirdy
But the Firefox developers disagree: 1882881 - Flatpak: explain how it can be as secure as native browsers
The Firefox Flatpak also lacks support for several features currently. Fedora is working on fixing that for their own Fedora Flatpaks project. Unless you’re on a distribution that ships really old browser versions (like Debian) or an immutable distribution, I don’t see the point, really.
I do try to use lots of other programs via Flatpak mostly for convenience/rollbacks but also because some Flatpaks don’t require access to the filesystem, mitigating that ~/.bashrc injection issue I mentioned.
me either, but i thought that this is maybe what Mike was proposing
thanks for the tip - i knew Firefox does some sandboxing, but was under the impression that was still pretty rudimentary on *nix
Mesa 25 is in the Tumbleweed repository.
To clarify, I prefer to be notified about updates and to install them when convenient.
In this case, I said I’m not worried about typing the admin password because a malicious package can be installed whether I click OK in Discover or type sudo zypper dist-upgrade and enter a password. In other words, typing an admin password does not detect malicious packages.
Just an FYI that libzypp added parallel fetch as an experimental feature. This lets you download more than one package at the same time.
You can use this env command to run zypper with the required environment variable:
sudo env ZYPP_PCK_PRELOAD=1 zypper dup