These set of notes are Linux specific, check out OS page for general OS notes.
What is a Linux distro?
Linux distro = Linux Kernel + (GNU) tools and libraries + desktop environment + package manager + other software
How to choose a Linux distro?
- if you are new to Linux, or use Linux as your desktop, choose Ubuntu or its popular user friendly derivatives.
- if you are working on Linux servers, get familiar with Debian and/or RedHat (CentOS used to be popular on servers, but things changed.)
- if you are a hardcore Linux user, or simply want to learn more, choose a more customizable distro: Arch, Gentoo or Slackware.
- if you have specific use cases, search for the best option for the job: if you are working on security and doing Penetration Testing, choose Kali; if you want to deploy applications in container / cloud, choose a small distro like Alpine.
- for compliance, double check the requirements. (e.g. Ubuntu cannot be used in some cases in the US because the company, Canonical, is not based in the US.)
Linux Distros Differences
The word "Linux" actually refers to the Linux Kernel. That is why sometimes you may see the term GNU/Linux: GNU provides tools on top of the kernel.
Linux distros all use Linux kernel, though the versions may be different. The Linux kernel community promised that no upgrade will ever break anything that is currently working in a previous release.
Source code: https://github.com/torvalds/linux
- tools and libraries
- C standard library: e.g.
musl, etc. Read More: Standard Libraries
- BusyBox: a software suite that provides several Unix utilities in a single executable file, created for embedded operating systems with very limited resources. GPLv2
- Toybox: a 0BSD licensed BusyBox alternative, used in AOSP
- C standard library: e.g.
- desktop environment: GNOME, KDE, XFCE, etc
- package manager:
- APT / dpkg: Debian and derivatives.
- RPM: Redhat and derivatives.
- pacman: Arch and derivatives.
- postage: Gentoo and derivatives. (e.g. ChromeOS)
- init systems
systemd: most major distros use this
- OpenRC is the default init system of Gentoo, Alpine Linux
- Supported chips / architecture: x86, x86_64, ARM, etc.
Some distros do rolling releases while others only release stable versions every a few years. Some distros do both, e.g. Debian has Debian stable and Debian testing.
Notable Linux Distros
The 3 big groups:
- Debian: including various distros derived from Debian and Ubuntu.
- RedHat: RHEL, Rocky, Fedora, and now discontinued CentOS, etc.
- Arch: also includes Manjaro, SteamOS, etc.
There are other noteworthy distros that do not belong to these 3 groups: Gentoo, ChromeOS, Android, Slackware, etc.
Debian / Ubuntu
- Ubuntu is derived from Debian. LTS (Long term support, supported for 5 years) versions every 2 years. Ubuntu is a very popular Desktop Linux.
aptas package manager.
- many Debian / Ubuntu derivatives:
- MX Linux: based on Debian stable.
- Linux Mint: based on Ubuntu.
- Pop!_OS: based on Ubuntu, by System76. System76 is building a new desktop environment in Rust: "There are things we'd like to do that we can't simply achieve through extensions in GNOME".
- Elementary OS: based on Ubuntu.
- Zorin: based on Ubuntu, Windows-like.
- Kali: based on Debian, security oriented.
- Raspberry Pi OS: 64-bit available since 2022.
- gLinux: Google internal, based on Debian; not publicly available.
RedHat / CentOS / Fedora
- RHEL (Red Hat Enterprise Linux) as the name suggests, is primarily for enterprise use.
- CentOS was the open source version; discontinued in 2020; CentOS Stream is NOT a replacement of CentOS, but will be a rolling preview of what's next in RHEL.
- CentOS clones after this change:
- Rocky Linux (parent: CIQ).
- CentOS clones after this change:
- Fedora is the community version. Each release is supported for 13 months; unlike Ubuntu, it does not provide Long Term Support.
- Amazon Linux: Based on Fedora, major release every 2 years, with 5 years of support and quarterly minor release updates. https://aws.amazon.com/linux/amazon-linux-2022
yumas package manager.
Can be fully customized.
- SteamOS: 1.0 and 2.0 were based on the Debian, 3.0 is changed to be based on Arch Linux. (Because Debian is more for servers, and has release cycles; Arch uses a rolling update, which is prefered by Valve for Steam Deck)
- Manjaro: baesd on Arch but much easier to use. Manjaro is Arch-based but it isn’t Arch Linux.
- EndeavourOS: lightweight and ships with a minimum amount of preinstalled apps. Since 2019. As close to plain-vanilla Arch as you can get, without hand-assembling Arch Linux the hard way.
- Garuda: performance oriented.
Gentoo / ChromeOS
- Gentoo: source-code-based. Named after the fast-swimming gentoo penguin, to reflect the potential speed improvements.
- ChromeOS: originally based on Debian, but later moved to Gentoo.
Small, simple and secure. Often used for containers in clouds.
Compare the image sizes by
docker pull debian /
docker pull alpine etc:
- debian: 116MB
- ubuntu: 77.8MB
- alpine: < 10mb
apk to manage packages:
$ apk add --no-cache $PACKAGE
Slackware is the oldest distribution that is still maintained (created in 1993). Highly customizable. The first vesions of SUSE was based on Slackware.
Yes Android is also based on Linux; however Google's new OS, Fuchsia, is not based on Linux, but a microkernel called Zircon.
Read more on Android
Different file hierachy: each program gets its own directory tree.
Optimized for Intel's microprocessors with an emphasis on performance and security. Rolling release.
Google's internal distro.
The first version was named Goobuntu, which was based on Ubuntu.
In 2018, Google moved from the Goobuntu to gLinux, which was based on Debian testing, with rolling releases, to avoid the 2-year release cycles.
For corp machines (directly used by developers to write and test code) only, not for prod (where the services like Google Search runs).
A modified version of the Linux kernel that contains no binary blobs, obfuscated code, or code under proprietary licenses.
License: GPL v2.
An immutable distro ensures that the OS's core remains unchanged.
The root file system for an immutable distro remains read-only: once installed, the system files and directories cannot be modified. Changes made to the system are temporary and lost when the system is rebooted.
Immutable OS is not new, it is how both iOS and Android work. Users do not get admin accounts, or write access to the OS partition. It's effectively a sealed unit.
Benefits and use cases:
- easier testing and container-based software development.
- better security and reliable updates, which is important in cloud computing, embedded systems, kiosks, and container execution.
- easier to scale.
- easier maintenance: they do not require regular updates or patches at the atomic package level.
- mutable OS: use package managers (e.g.
yum) to upgrade software packages in place.
- immutable OS: upgrades are typically handled by creating a new, updated image of the OS and replacing the existing image, in an atomic operation.
- carbonOS: Flatpak-first and container-first
- Fedora Silverblue: same UI and experience as a normal Fedora.
- Fedora Coreos: https://fedoraproject.org/coreos/
- Flatcar Container Linux
- Ubuntu Core: uses snap packages exclusively to create a confined and transaction-based system. Primarily for embedded devices. Much like a vanilla Ubuntu server environment managed remotely via SSH.
- RancherOS: uses Docker for all system processes, and its file system is mounted read-only, making it immutable.
- openSUSE MicroOS
- Photon OS: A Linux-based operating system developed by VMware, which is designed to run containerized workloads.
- Vanilla OS
- Bottlerocket is a Linux-based open-source OS built by Amazon Web Services to run containers on its platform. its usage is limited to AWS.
- Talos Linux: The OS runs in memory from a SquashFS, which leaves the entire primary disk to Kubernetes. designed for Kubernetes.
- Endless OS is a Linux distribution based on Debian.
Squashfs is a compressed read-only filesystem for Linux.
Recent / future developments
eBPF: a handy way to build firewalls.
Extended Berkeley Packet Filter (eBPF) is an in-kernel virtual machine that runs user-supplied eBPF programs to extend kernel functionality.
A program is loaded into the kernel using the
bpf(2) syscall and is provided by the user as a binary blob of eBPF machine instructions. (e.g. can compile C programs to eBPF bytecode,
clang -target bpf)
Microsoft chose to port eBPF into Windows rather than try to duplicate its functionality with its own program.
iptables is a firewall that is built into the Linux kernel. It allows you to filter and manipulate network traffic based on a set of rules that you define. eBPF is more flexible than
iptables. eBPF is best suited for more complex tasks that require custom programs to filter and manipulate network traffic.
io_uring allows Linux to launch an operation asynchronously and wait for its completion. (predecessor: asynchronous I/O (AIO) subsystem)
io_uring uses a memory ring buffer shared between user space and the Linux kernel. This enables it to submit operations and collect the results without needing time-expensive Linux kernel calls. Its API is complex, but if your applications require lots of I/O, you get rewarded with vastly improved increased performance.
Read more: namespaces
The init system. Read more: systemd
The Linux Unified Key Setup (LUKS) is a disk encryption specification