part 2/2

“You can do the same things with the aur as without” is the dumbest shit I’ve ever heard (sry) Its like saying you can do the same thing with a guitar as with a CD.

Nah, that’s coming right up:

For flatpack: I avoid it, as people who are far more deep into the topic than me said its basically snap with extra steps, bloated, insecure, against the Linux philosophy of interlocking FOSS software blah blah. Didn’t understand most of it but followed the advice.

1. Argument from authority is a logical fallacy, and I don’t think basing your entire argument on willful ignorance requires further comment

2. People have issues with snap due to following reasons, and none of them apply to flatpak:

• snap is forced on ubuntu users and apt randomly installs snaps instead of deb
• snap slows down boot times because it mounts virtual FS’
• snap store and packages are closed source, and while snap is open source, the snap store is hardcoded

3. Additional package managers are bloated in the same way cars are bloated for having seatbelts and airbags. The only way to reliably prevent dependency mismatches is to have a separate set of dependencies.

For example: you want to install the newest obs, but it requires a higher version glibc than your KDE. Installing the newer glibc in the exact same location as your system could possibly break your system. Pacman simply errors out, on the other hand flatpak provides the correct version to each of the packages it installs. And that’s possible because:

4. Everything is isolated, and generally not only more secure, if the package is published by the developer, but could be even further improved:

• each package gets its own private sandbox with a filesystem, libraries, dependencies, runtimes, etc.

• there are built in systems to further isolate packages from each other and your system

• you can use tools like flatseal to control permissions on top of whatever the base system uses (AppArmor/SELinux).

• no sudo privileges required

Pacman can only use AppArmor/SELinux, and AUR is the riskier version of community flatpaks.

5. The thing is, you can’t get better security and reliability without breaking FHS a bit. You also need to consider that they still try to follow it within the additional restrictions imposed on them. You get the same structure, but in respectively consistent places. It’s a pretty good trade-off in my regard.

For btrfs: OK, give me the Debian bookworm installer where you can select ANY enrcrypted format that is not luks–>lvm–>ext.

The default one, and therefore essentially everything downstream: guided partition -> change from ext4 to btrfs and set to mount to / -> run the encryption wizard. Do read the maintenance section though, there are reasons why stable distros don’t default to it. Besides that, rsync does the job more than well enough. You can use the timeshift gui to have it periodically take snapshots, or easily automate it in different ways.

Honestly, monthly snapshots are going to be just fine. That’s the whole benefit of this kind of a setup. Your base system almost never changes, while everything you need to be up to date is completely separate. Half of my packages are nix unstable and just as bleeding edge as on arch, but my system is not at real risk of failing to boot due to an update because it’s still Debian, and quite close to vanilla at that. You don’t need btrfs and snapshots on every update because both flatpak and nix support rollbacks, and that’s the only scenario where updates could be risky.

There are downsides, and possible complications during setup though, but I’d say the trade is more than worth it, especially if you depend on your device and can’t have it break down because you ran a system update or installed a package without updating the whole system. Working abroad with bad internet really drew it home for me, and caused me to finally drop arch.