Hello, gorgeous community!
My friend, a generally non-technical person, is looking for a good gaming distro. He has been daily driving Windows and OS X before, his main motivation for switching to Linux is to streamline his contributions to a game development project we have, that is largely Linux-based (we use Nix for dev environments and build automation).
The only Linux distro I’ve ever used for gaming is SteamOS, and all my other experience is in the Nix/Arch domain, so I am not sure what to recommend to my friend.
As I mentioned, the only hard requirement we have is a possibility to sustainably use the Nix package manager with experimental functions (command, flakes), and I am willing to help my friend set it all up. But I also would like him to be able to use the OS for gaming whilst experiencing only the expected and acceptable amounts of pain.
So far we have Nobara and Chimera on our radar. Is there something you can recommend? Any advice in general would be helpful, thanks in advance!
TLDR: You don’t need a rolling release distro like Arch or its derivatives or any “gaming” distro for gaming anymore.
Many experiments have shown that these distros specifically “made for gaming” have no real advantages. If your friend is a beginner, I would absolutely not recommend Arch Linux, but rather Linux Mint. I have recently found this experiment: https://youtu.be/UtXw9on6qs4 (table at the end of the video) that supports this recommendation.
I’d still recommend a bleeding edge distro if the friend in question has recent hardware and/or likes to play games on release. It doesn’t have to be arch though, and you can probably grab a recent kernel on Mint too if necessary.
Thanks for sharing that video. It’s one of the most ambitious ones I’ve seen out there. However, if I understood correctly, only average fps is compared right? So not the (more important) 1% or 0.1% lows.
Just regular Fedora with KDE will do.
Just make sure they install the rpmfusion repos, activate flathub and replace ffmpeg-free with regular ffmpeg for media playback.
Fedora or Fedora KDE Spin. Nice and user friendly, good support.
I’d recommend Fedora KDE. Keep it simple. Good community, support, stable.
I game on Linux Mint and have had very few issues out of the box. Worth noting it’s super easy to game on and Steam is seamless. Not a hard distro to learn with tons of forums and updates. Lightweight and overall no major complaints as I only broke my system myself tinkering with things I wanted to tweak. I’ve always fixed it relatively easily and I don’t know much about terminal commands. Tons of info online, mostly copy and paste. Cheers.
None of the desktop environments included with Linux Mint (really) support Wayland. X11 allows any app to keylog easily. X11 is quite bad for Security. Cinnamon has experimental support.
> X11 allows any app to keylog easily.
Yeah, any app that runs on your computer… at which point you have bigger problems than keylogging.
When’s the last time you’ve heard of keylogging being a common problem on Linux btw?
My point was that X11 is insecure. Security through obscurity is not security. Wayland does not send every keypress to every application, which protects against this attack vector. Wayland is both significantly smaller and more secure than X11. X11 was designed in a time when software was built to simply trust anything that runs on the computer. We need to move past just putting our trust in the software we run. At the very least raise the barrier to perform such an attack.
Do you sandbox each and every process? Do you whitelist everything each process can do? Every file it can access, every which way it can use the network, every bit of CPU and RAM and hardware resource it can use?
If you don’t do that, why do you want to impose upon me a complete block of inter-window communication, which I use for desktop automation, and which has basically zero security impact in the wild?
I don’t mind Wayland having security features, but why are they so heavy-handed and non-optional? Things like firewalls, AppArmor, cgroups, they’re all customizable. Why is Wayland all or nothing?
The reason I mentioned keyloggers is because it allows an attacker to perform privilege escalation by recording your sudo/root password and automating an attack. I searched it up and I do see automation tools for Wayland, maybe they aren’t as developed as those for X11. For you, your use case makes sense, though I (personally) wouldn’t take that risk. The majority of users do not use such tools and should probably use Wayland.
> keyloggers is because it allows an attacker to perform privilege escalation by recording your sudo/root password and automating an attack
So does putting a script called `sudo` in your PATH.
Keylogging is one of the lamest, most inefficient methods of attack. If you can run code on someone’s machine there are so many other things you can do.
The fact Wayland has wasted so much time and complicated things so much focusing on a non-issue is mind-blowing.
> The majority of users do not use such tools and should probably use Wayland.
Don’t worry, this is not the only thing holding back Wayland adoption.
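The PATH-shadowing point in the comment above can be checked from the defender's side. This is an added example, not part of the thread: a POSIX shell function (the names `audit_path_cmd` and `is_trusted_dir` and the `TRUSTED_DIRS` allow-list are assumptions) that shows which file a command name resolves to first and whether that file lives outside the system directories.

```shell
# Added example (constructed, not from the thread): list every executable
# NAME on PATH in lookup order and flag hits outside trusted system dirs.
# TRUSTED_DIRS is an assumption; adjust it to your distro's layout.
TRUSTED_DIRS=${TRUSTED_DIRS:-/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin}

# is_trusted_dir DIR: succeeds if DIR is listed in TRUSTED_DIRS.
is_trusted_dir() {
    case ":$TRUSTED_DIRS:" in
        *":$1:"*) return 0 ;;
    esac
    return 1
}

# audit_path_cmd NAME [PATH_STRING]
# Prints "<TRUSTED|UNTRUSTED> <file>" for each hit, first hit first.
# Exit status: 0 first hit trusted, 1 first hit untrusted, 2 not found.
audit_path_cmd() {
    name=$1
    search=${2:-$PATH}
    first=
    old_ifs=$IFS
    IFS=:
    set -f                               # no globbing while splitting PATH
    for dir in $search; do
        [ -n "$dir" ] || dir=.           # empty entry means current directory
        case $dir in /) ;; */) dir=${dir%/} ;; esac
        file=$dir/$name
        if [ -f "$file" ] && [ -x "$file" ]; then
            if is_trusted_dir "$dir"; then verdict=TRUSTED; else verdict=UNTRUSTED; fi
            printf '%s %s\n' "$verdict" "$file"
            [ -n "$first" ] || first=$verdict
        fi
    done
    set +f
    IFS=$old_ifs
    case $first in
        TRUSTED) return 0 ;;
        UNTRUSTED) return 1 ;;
    esac
    return 2
}

# Audit the command the comment names; "|| :" keeps the script's status 0.
audit_path_cmd sudo || :
```

It covers PATH lookup only; shell aliases and functions with the same name are not checked.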
Just because a malicious application is installed on your computer doesn’t mean it should be allowed to freely exfiltrate data. It does not require root to perform this attack, a malicious script or AppImage could just as easily steal your keypresses. Or an extension in your browser, or a mod for your favorite game. You shouldn’t need to read all the code for every application (including each subsequent patch and update) just to be sure it isn’t stealing your data. Plus, why not use Wayland?
Again, if you have malicious code running on your computer it can do lots of things. It can access your files, the network etc. You have to keep an eye on security vulnerabilities all the time anyway, which thanks to FOSS is easier. You’re pigeonholing on keylogging but there are lots of ways that malicious code can hurt.
Windows has chosen to go the route of allowing malware in and dealing with the fallout later. It didn’t work out so great. UNIX and Linux have been on the side of not allowing malware in at all if possible.
If you want to use a system that restricts access to all apps to all resources all the time you can, but I think you’ll find it very limiting and inconvenient. But it would be your choice.
In the meantime, if my choice is to disregard the purely hypothetical threat of keylogging, I should be able to do that, especially since breaking inter-window communication also breaks all desktop automation.
And that’s why I don’t use Wayland: it broke desktop automation and it won’t give us a choice in the matter, for the sake of one, randomly selected, purported security issue.
Security is preemptive. Keylogging is not a hypothetical, it just hasn’t happened to you. Neither is it random, desktop Linux is differentiated from Linux server by its GUI. It is much harder to make Linux desktop secure. I see this threat as one of many in a long list of the weaknesses present in desktop Linux.
I am not trying to say you shouldn’t have the choice to use X11, my original comment was about how Linux Mint doesn’t offer the choice of a DE that supports Wayland.
Similarly, a flower pot falling on your head is not a hypothetical, it just hasn’t happened to you.
But does it mean you should wear a helmet every time you go outside?
To begin with, the probability of keylogging being used in an attack against you is abysmal. Not because it can’t be done, but because it’s a complicated, inefficient attack, and if the attacker can run code on your machine there are much better ones.
Secondly, keylogging is still possible on Wayland, if the malicious code can attach to the relevant processes. Such as a vulnerability in your browser, which also happens to be a place where you type passwords and CC numbers a lot.
Third, as Wayland evolves it will have to develop better IPC features. You can’t have a functional desktop with zero communication. And we’ll be back to square one.
Fourth, desktop communication is not even that sensitive. 99% of it is stuff like “window id 0x09123 was maximized”.
Last but not least, if keylogging were a real issue, don’t you think it would have been addressed in the 40 years that X11 and Xorg have been around? It’s fascinating how some people think that Wayland was the first to discover this previously completely unknown threat that threatens to doom us all.
I would recommend Bazzite or Aurora/Bluefin. Bluefin is Gnome, and Aurora is KDE.
Both Bazzite and Bluefin are very similar. Bazzite is gaming focused, and the other one is more general purpose, but you can use them interchangeably and also rebase from one to the other.
They are the poster children of the uBlue project, which uses, modifies and redistributes Fedora Silverblue images.
They both are part of the Fedora Atomic family, which makes them nearly indestructible, convenient and secure.
They focus a lot on containerised workflows, e.g. Distrobox, Flatpak, Homebrew, and, as you mentioned, Nix. They all come pre-installed, and if they don’t work ootb (e.g. Nix), they are just one `ujust` command away.
I have used both over the past year and I couldn’t be more happy. Give them a try!
If you’re on Nvidia, go with something like Nobara or Bazzite. Nvidia’s linux drivers are in flux right now (esync/wayland), you want a distro that is aggressively chasing the latest drivers but lets you take a step back with atomic updates.
If you want an Arch-based gaming distro there is Garuda (also a non heavily-themed version). I used Garuda before switching to plain Arch. It ran pretty well and I really liked the btrfs filesystem and the snapshots. It meant I could easily restore a backup of my system if I manage to break it. Which I did a few times.
Plain Devuan or Debian is fine, assuming you do a bit of configuring of KDE or whatever before handing it over to the user. No need to use a super obscure fork, as those compound trust issues, and you have to wait for your downstream distro to sync with upstream, even if upstream is already up to date.