[HN Gopher] EasyOS: An Experimental Linux Distribution
___________________________________________________________________
EasyOS: An Experimental Linux Distribution
Author : skilled
Score : 76 points
Date : 2024-06-19 18:59 UTC (4 hours ago)
(HTM) web link (easyos.org)
(TXT) w3m dump (easyos.org)
| jmakov wrote:
| Runs as root. Not sure that's a good idea.
| majkinetor wrote:
| Easy clearly can't be compared to any other Linux, judged by
| the page on how it's different [1]. That's why running as root
| in its case might be a good thing.
|
| [1]: https://easyos.org/about/how-and-why-easyos-is-different.htm...
| hulitu wrote:
| > That's why running as root in its case might be a good
| thing.
|
| Famous last words. /s
|
| An attacker does not need "privilege escalation" in this
| case.
| segasaturn wrote:
| > Easy runs each non-root app as its own user. For example,
| by default Firefox runs as user 'firefox', and SeaMonkey as
| user 'seamonkey'. Installed AppImages and Flatpaks also
| default to run as their own user.
|
| > It is easy to do the same for any app, that is, run it as
| its own user, isolated from other users.
|
| Exploits of apps will still need to escalate it looks like.
| exe34 wrote:
| to be fair, the whole root thing is relevant in multi user or
| cases where you're mucking about with an installation.
|
| if you're always careful to run as a non-privileged user, the
| most that could happen is that a browser vulnerability allows
| arbitrary execution of code as your user, allowing deletion,
| encryption, exfiltration of your personal data. so you're boned
| anyway.
| ForHackernews wrote:
| https://xkcd.com/1200/
| majkinetor wrote:
| It's stated that any app runs under its own user, including
| the browser.
| hawski wrote:
| Exactly. Though security is an onion, so it is at least
| making it harder.
|
| In the traditional Linux desktop model a vulnerability may
| allow to run something as the user. It can change your
| bashrc, your application menu as well as your launchers, your
| browser extensions and settings. You may already have a user
| writable directory in your PATH so it can replace things even
| on a lower level.
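
The user-writable PATH directory mentioned in the comment above can be audited directly. The following is an added example, not part of the thread or of EasyOS: it lists each PATH directory the given user can write to and the commands in it that shadow same-named commands later in PATH. The function names are hypothetical, and the permission check uses classic mode bits only (no ACLs, no root override).

```python
import os
import stat

def writable_by(st, uid, gids):
    """Classic owner/group/other check on mode bits (ignores ACLs and root's override)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def executables(directory):
    """Names of regular files in `directory` with any execute bit set."""
    names = set()
    try:
        entries = list(os.scandir(directory))
    except OSError:
        return names
    for entry in entries:
        try:
            st = entry.stat()
        except OSError:
            continue
        if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
            names.add(entry.name)
    return names

def audit_path(path_env, uid, gids):
    """Return [(dir, sorted shadowed names)] for each PATH dir the uid can write to."""
    dirs = [d or "." for d in path_env.split(os.pathsep)]  # empty entry means cwd
    findings = []
    for i, d in enumerate(dirs):
        try:
            st = os.stat(d)
        except OSError:
            continue  # missing PATH entries are skipped
        if not stat.S_ISDIR(st.st_mode) or not writable_by(st, uid, gids):
            continue
        later = set()
        for other in dirs[i + 1:]:
            later |= executables(other)
        findings.append((d, sorted(executables(d) & later)))
    return findings

if __name__ == "__main__":
    gids = set(os.getgroups()) | {os.getgid()}
    for d, shadowed in audit_path(os.environ.get("PATH", ""), os.getuid(), gids):
        print(f"writable: {d}  shadows: {', '.join(shadowed) or '-'}")
```

A writable directory that shadows nothing today is still a finding, since any command name dropped into it later takes precedence over the system copy.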
| lfmunoz4 wrote:
| Running as root in my opinion has an increasing number of use
| cases. I.e., it is the new type of isolation. In the past we
| would create users and have apps running as that user for
| security. Now I spin up a digital ocean node for that
| application and that is isolated meaning if anything goes wrong
| I am destroying that node and recreating it and app is the
| entire node.
| contingencies wrote:
| Don't forget _curl |sh_ is everywhere, not to mention
| unaudited package management dependency trees.
| IshKebab wrote:
| Root is only really relevant for multi-user environments (e.g.
| university/company servers). For single-user you don't get any
| additional security from it since Linux doesn't have a secure
| access key sequence so it's trivial to MitM sudo.
| bee_rider wrote:
| For modern systems with their hardware bugs, user account based
| security is just a false sense of security. Anyone running code
| on your machine is just a rowhammer or meltdown away from doing
| whatever they want anyway.
| ranger_danger wrote:
| > Easy runs each non-root app as its own user.
|
| FINALLY. One step closer to a more modern mobile-like
| untrusted-by-default setup.
|
| It has gone on way too long that any standard installed program
| can spy on every other program/all your data on the system.
| singpolyma3 wrote:
| Honestly this is what makes a computer useful and removing it
| removes a significant amount of the utility of using a
| computer.
|
| Now in this case where the user is root it might work out as
| an interesting balance in practise, I'm not sure.
| segasaturn wrote:
| Yeah that model is actually more secure than the standard
| Linux user model. There's also an option to run applications
| within their own containers.
| DANmode wrote:
| Ever use Windows as an administrator?
|
| Not disagreeing, but, the threat model of the creator of Puppy
| Linux may be different than yours.
| darkwater wrote:
| https://easyos.org/dev/images/dir2sfs-2.png
|
| What's "easy" here, exactly?
| IshKebab wrote:
| Honestly I have no idea what this is but the fact that it has a
| GUI with at least some discoverable fields is way above what I
| would expect from most Linux distros.
| lfkdev wrote:
| Cmon, we're not in 2005 anymore. Linux Desktop is fine for
| almost everyone even casual user with all big distros.
| imabotbeep2937 wrote:
| Geeky Linux forums tend to be people who haven't given new
| distros a chance in decades, and still think Gentoo and
| RedHat are the major players. (Desktop Linux it's Ubuntu,
| followed by Debian and CentOS).
| DANmode wrote:
| LinuxMint, followed by ChromeOS, followed by Ubuntu, et
| al
| creata wrote:
| Fedora is a "major player" in desktop Linux, and CentOS
| isn't being developed any more, is it?
| ranger_danger wrote:
| Pretty sure easy refers to USING the distro after it's
| installed, not while building a custom distro yourself, or
| whatever this is.
| lfmunoz4 wrote:
| Needs a video demo, showing how to run it and the main features.
| yungporko wrote:
| my first thought was literally "this looks cool and useful, i
| wonder how everybody will shit all over it in the comments" and
| as usual hn did not disappoint lol
| justinjlynn wrote:
| Yeah, people - in general - tend to do this with anything
| novel, sadly - especially novel design. See what Steve Ballmer
| said about the iPhone for a commercial example. For Engineering
| examples, well, see the controversy around anything by
| Poettering (Systemd, PulseAudio, etc., etc.).
| jorvi wrote:
| > For Engineering examples, well, see the controversy around
| anything by Poettering (Systemd, PulseAudio, etc., etc.).
|
| I love how you can't get any sense out of them.
|
| "So, you can see that software Y is almost unmaintainable in
| practice due to no maintainers wanting to work on ancient
| codebases?"
|
| _Yes._
|
| "And you won't maintain them?"
|
| _Yes_.
|
| "And you will not pay someone to maintain them for you?"
|
| _Yes._
|
| "But you will staunchly fight the suitable FOSS alternative?"
|
| _Yes._
|
| "Even if it means a constant relative decline in performance
| and options, not to mention evermore terrible workarounds?"
|
| _Yes._
|
| Makes my head spin.
| yjftsjthsd-h wrote:
| Multiple alternatives to systemd _are_ actively maintained.
| imabotbeep2937 wrote:
| To be fair. All good distros can run from a USB stick or
| whatever now. The use case for a "liveCD" is limited. Puppy
| Linux would just be a toy today. It used to matter to me in the
| days of slow internet, limited storage, etc.
|
| Now just grab Linux Mint or whatever. Use a "real" distro with
| a community. Install it if you like it.
| christophilus wrote:
| Huh. I was expecting another bland Debian wrapper, but this is
| pretty unique. Nicely done!
| behnamoh wrote:
| easy ≠ simple.
|
| Often times we have: (implementation for
| programmer, UX for user) = (easy, complicated) | (hard, simple)
| ChrisArchitect wrote:
| Some previous discussion:
| https://news.ycombinator.com/item?id=21023989
| InMice wrote:
| Interesting, I think I will give it a try in virtualbox
| Projectiboga wrote:
| This is a project by one of the original Puppy Linux guys. Puppy
| is a collection of Linux distributions that work a certain way. I
| think that focus is portable and live for them. This is what
| he shifted to to better meet his own ideas, since Puppy is a
| group project.
| bee_rider wrote:
| Based on the icon and some of the links, it looks to be connected
| somehow to PuppyLinux. Anyone know what the link is?
|
| PuppyLinux was my first distro, it was great fun to be able to
| boot directly from a flash drive. IIRC persistence was
| implemented by just writing to a file which could be located
| anywhere, even on a Windows system. It was a great way to get
| familiar without committing.
| imabotbeep2937 wrote:
| Most modern distros have this out of box.
|
| Lot of Linux forums need to update their assumptions by about
| 20 years.
| Dwedit wrote:
| Nowadays, if you wanted something you could boot off a USB
| flash drive, you'd use MX Linux. It even supports loading the
| entire OS into System RAM so you can eject the USB flash drive
| after it has booted.
|
| Persistence is optional here, you can either have it or not
| have it.
|
| It also has a built-in tool to remaster the OS image, so you
| can update all the packages, install a few more, then run a
| Remaster and then you have a brand new USB bootable OS image
| with updated packages.
|
| MX Linux also has the "Frugal Install" feature that lets you
| install the USB version of the operating system to your hard
| drive, but it will still act just like you booted from USB,
| with the system being rolled back if you don't manually persist
| the system.
| allanrbo wrote:
| Yea, same guy, Barry Kauler
| poikroequ wrote:
| > No ISO! ISO for optical media is a legacy format.
|
| This comes off as fairly ignorant. Virtual machines? Ventoy?
| There are lots of tools which can flash an ISO to a thumb drive
| or similar. ISO files are far more useful than just burning them
| to optical media.
| PlutoIsAPlanet wrote:
| Ventoy and flash tools should in theory support img files just
| fine, if anything for virtual machines img files should be
| easier to boot than ISOs (don't need to emulate a CD drive)
|
| Modern Linux ISOs are a sort of hacked hybrid ISO/IMG, where
| keeping support for burning to CDs (the ISO part) has some
| trade offs (such as workarounds needed for persistence storage,
| multiple partitions).
| josephcsible wrote:
| Exactly. And it's not like they'd need to ship two versions of
| the installer; a single hybrid ISO that works both ways is what
| basically every other distro already does.
| rascul wrote:
| ISOs make little sense over a regular disk or filesystem image
| for just about every use case except burning to optical media,
| a use case I understand to be quite rare (but not completely
| gone) nowadays.
|
| I know nothing about Ventoy, though.
| jvalencia wrote:
| > Barry Kauler created Puppy Linux in 2003, turned it over to the
| "Puppy community" in 2013. It is only natural that a lot of
| "puppyisms" can be found in Easy; though, it must be stated that
| Easy is also very different, and should not be thought of as a
| fork of Puppy. Inherited features include the JWM-ROX desktop,
| menu-hierarchy, run-as-root (with optional non-root apps), SFS
| layered filesystem, PET packages, and dozens of apps developed
| for Puppy.
|
| https://easyos.org/about/how-and-why-easyos-is-different.htm...
| creata wrote:
| Between this, and Guix, and Nix, and Fedora Silverblue, a lot of
| distributions are doing atomic upgrades.
|
| Is there a reason atomic upgrades are so popular now? Not that it's a
| bad thing. (Edit: The advantages of atomic upgrades are obvious.
| I'm asking what changed to make it practical.)
| PlutoIsAPlanet wrote:
| in the case of Silverblue
|
| - Pushes the use of containers for apps, /usr is read-only
| (mostly). in most cases Flatpak and
| Podman/Docker/Distrobox/Toolbox
|
| - Makes reproducible builds, your /usr is the base fedora image
| + whatever you have explicitly configured to add, the latter
| part makes it very easy to customise the base OS and undo
| changes (which are tracked), or share changes with others.
|
| - Updates are atomic, you pull the power cord during an update?
| no bueno will just boot the old deployment. Additionally,
| because the system is always in a known and immutable state,
| updates should always work without any kind of
| dependency/package issue, you're swapping one /usr for another.
|
| - Makes malware harder as /usr is read only and you can use
| composefs to make sure content isn't changed, not really that
| secure though given any malware can just infect the initramfs
| yjftsjthsd-h wrote:
| It solves real problems and the technology has matured to the
| point of being usable.
| allanrbo wrote:
| Refreshing to see such a radically different take on a Linux
| distro. Probably too experimental for what I need, but I'm glad
| people are thinking outside the box!
| lta wrote:
| I probably wouldn't actually use this distro, as I'm probably not
| the target audience but they're exploring quite a few novel
| ideas.
|
| Good luck guys
___________________________________________________________________
(page generated 2024-06-19 23:00 UTC)