The Issue with Binary Blobs
Over the years, Linux has adopted a trend of including firmware “binary blobs” to its kernel. These binary blobs are small pieces of software that are provided as a closed-source binary froom a hardware manufacturer. It is then loaded by the Linux kernel as-is. In turn, this provides a perfect support for your hardware. While this is convenient for someone who wants good compatibility with the hardware that he uses, the opaque nature of these binary blobs introduces various security and reliability concerns. This is because binary blobs do not allow third-party developers to audit the blob’s source code. As such, this can become an issue for those who value their security as well as for those who use their computer for critical work.
Why Use Linux-Libre?
Linux-Libre allows you to use Linux without binary blobs and run 100% FOSS in your machine. However, since Linux-Libre relies on open source drivers, it does not always have the best hardware support. Despite that, Linux-Libre is reliable and works very well. This makes Linux-Libre attractive to regular users who want to have a stable and secure Linux installation. With that in mind, this article takes a look at some of the best Linux distributions that use the Linux-Libre kernel for both casual and power users.
1. Trisquel Linux-Libre
Trisquel is an easy-to-use Linux-Libre distribution based on Debian. It not only benefits from the security provided by Linux-Libre but also receives stable updates through Debian. Further, Trisquel aims to be as user-friendly as possible. It will guide you through the installation and even up to when you first boot up your computer. This makes it one of the best Linux distributions for a new computer user. Trisquel also sports a number of features:
Built and configured in Galicia, Spain, making it one of the few Linux distributions to support a native Spanish desktop environment.Supports a way to create an encrypted volume by default, making it useful if you want to create a Trisquel installation that is secure down to the hard drive level.Built to be used by people with disabilities. This includes an audio guide as well as settings that you can enable for visual problems such as colorblindness and partial to full blindness.
2. PureOS
PureOS is a beautiful Linux-Libre distribution that is included by default on the Purism brand of laptops. Similar to Trisquel, it is also based on Debian and benefits from its stable packages. Unlike Trisquel, however, one of the main selling points of PureOS is that it works on the idea of “convergence,” so there are features that makes it usable in both desktop and mobile screens. PureOS also includes the following features:
Secure from the ground up, and the developer team constantly checks and audits for potential exploits in the distribution. Has good support for Android devices through GNOME. In that, you can pair your smartphone with your machine to use applications in PureOS as well as control your computer remotely.Has a simple application manager that allows you to easily install packages without using the command line. It’s useful for those who want to use their computers for daily tasks without the use of the terminal.
3. GNU Guix
GNU Guix is a Linux-Libre distribution that aims to create a reproducible operating system. It allows you to create your own system that can recreate itself. It’s useful for people who own multiple machines or those who want to make sure that what they are installing is the same all the time. GNU Guix also has the following features:
Allows you to create a rolling snapshot of your computer. This includes both your packages and configuration files. Because of that, it is possible to jump to any point in the history of your system, making it easy for you to recover from any failures.Allows you to install multiple versions of the same software. It’s useful for testers who want to check software between version changes.Written in the Guile Scheme language, which is based on Lisp and easy to understand. GNU Guix is not only flexible for the power user but also easy to configure for a novice.
4. Parabola Linux-Libre
Parabola is a Linux-Libre distribution that aims to create a simple and minimal Linux installation. It is based on Arch Linux and caters to power users. Parabola can be a powerful distribution that is both secure and bleeding edge. Further, Parabola’s commitment to security means it runs audits on the packages it provides. Any issue in the packages in Parabola has already been patched. It’s useful to users who are concerned with security issues that can impact their work on their computer. Parabola ships with these features:
Comes with two programs – yourfreedom and yourprivacy– that scan your system for any security risk and show programs that have those risks.Also comes with the noprism repository: a selection of secure software. The programs here are built to run in unsafe computing situations.Can install Parabola without reinstalling your system. Arch Linux users can migrate their system to Parabola by using its sources and updating the system from there.
5. Hyperbola Linux-Libre
Hyperbola is a Linux-Libre distribution that aims to focus on stability and long-term support releases. Similar to Parabola, Hyperbola is an Arch-based Linux distribution. Its one main difference with Parabola is a strict policy for stability and simplicity. Updates are few and far between, as they test the updates to ensure they will not break between upgrades, making it a distribution for workstations that need to always work. Hyperbola shows its commitment to simplicity and stability with the following features:
Aims to cut the complexity of a Linux system by removing programs such as SystemD. This makes the system run with lesser requirements and have a small surface for any issues to appear.Comes with Xenocara by default: a version of Xorg that is patched by the OpenBSD developers to be reliable and stable.Uses LibreSSL for its SSL and TLS certificates. LibreSSL is a modern fork of OpenSSL and has introduced updates, audits and revisions that removed issues with OpenSSL.
If all this talk made you curious about what it takes to compile your own Linux kernel, you can check out this useful guide.
1. What kind of hardware issues should I expect with Linux-Libre?
For the most part, the Linux-Libre kernel provides a free and open source alternative to hardware drivers. However, one of the issues with this version is the lack of support for devices with no open source drivers. A couple of issues to look out for are:
You are using a proprietary wireless card for Wi-Fi, which usually happens if you are using an Intel wireless card.You are using a recent nVidia graphics card and the open source driver, noveuau, does not have a version for it yet.
For the first issue, you will need to change the wireless card that your machine is using. The most popular open-source-friendly cards use the Atheros wireless chips often found in cards such as TP-LINK and Panda. For the latter, you will need to wait for a version of noveuau to support your graphics card. This normally takes a few months after a release of a new graphics card.
2. Is Linux-Libre up to date?
Yes! The Linux-Libre kernel is actively following the “mainline” Linux kernel. For any release of the Linux kernel, Linux-Libre will releases a version for it.
3. Which Linux-Libre Distribution is for me?
This is a highly subjective question. However, a quick rule of thumb in picking a new distribution is whether it suits your needs. For example, if you are looking for a complete distribution that is easy to use, you are better served using PureOS and Trisquel Linux-libre. However, if you are more concerned about being able to have a consistent system and willing to hack into it to make things work, you will probably find GNU Guix to be perfect for you. Lastly, if you are a security-focused user or need a computer that has to perform in situations that require privacy, you might find using Parabola and Hyperbola Linux-Libre to be the one that fits the bill. These are distributions that are committed to stability above all else, so you can rely on them to secure your system for you. Image credit: Unsplash