path: root/debian10-review.txt

The Debian project, upstream mother of [countless Linux distributions](https://upload.wikimedia.org/wikipedia/commons/6/69/DebianFamilyTree1210.svg), has released Debian 10, also known as "Buster". And yes, that's a reference to the character from *Toy Story*. All Debian releases are named after Toy Story characters.

Debian has a well-deserved reputation as a rock solid distro for those who don't want the latest and greatest, preferring instead the stability that comes from sticking with what works. Naturally Debian gets security updates, bug fixes and maintenance releases like any distro, but don't expect major updates to applications or desktop environments.

Right now, as with every release, Debian is pretty close to up-to-date with what the rest of the Linux world is doing. But Buster will be supported for five years and Debian 11 won't arrive for at least two years (Buster comes 26 months after Debian 9). As time goes on, Buster will look increasingly outdated.

But wait, isn't Ubuntu based on Debian and it's not out of date? Ubuntu pulls its Debian base from what Debian calls the Testing Channel. Debian Linux consists of three major development branches: Stable, Testing and Unstable. Work on new versions progresses through each, starting life in Unstable and eventually ending up in Stable. Ubuntu plucks its base from Testing, which, from Debian's point of view is only about half-baked. Like I said, Debian is conservative. 

At the same time, in decades of using it, I have never had Debian break on me. I am still running several Debian 8 servers and they continue to chug along with very little input from me. They're set to automatically update to pull in security and bug fixes and they just work. 

In a desktop though, that kind of stability can be a mixed bag. Sure, your system is unlikely to break, but you're also unlikely to get the latest version of applications, which means you may find yourself waiting on new features in GIMP or Darktable long after every other distro has rolled them out.

I used to hope that Flatpaks -- an application packaging method that separates app from underlying system -- would mitigate this somewhat, allowing Debian fans to run stable systems but still get the latest versions of key applications. In practice I have not been able to make this work for me, though I may give it another try now that Debian 10 is here.

## What's New

Debian is always a tough distro to get excited about because, while there's a ton of new things in this release, most of them long ago arrived in nearly every other distro. Debian releases look like the distro is playing catch-up with the rest of the Linux world and in some ways that's exactly what's happening. 

This time around though it feels like there's more to it than that. Most of the major updates in this release involve security in one way or another, making Buster feel a bit like Debian hardened. 

A good example of this is one of the headlining features of Debian 10, support for Secure Boot. Debian 10 can now, in most cases, install without a hitch on UEFI-enabled laptops. Lack of Secure Boot support has long been a stumbling block for anyone wanting to use Debian with all the features of modern machines and now that that's out the way, Debian feels like a much more viable choice for larger institutions with existing security policies.

That's also true of the move to enabled AppArmor by default. AppArmor is a framework for managing application access. You create policies that restrict which apps can access which documents. It's particularly useful on servers where it can be used, for example, to make sure that a flaw in a PHP file can't be used to access anything outside of a web root. While Debian has long supported AppArmor and offered it in the repos, Buster is the first release to ship with it enabled by default.

The third security-related update in this release is the ability to sandbox the Apt package manager. This one is a bit complicated and not enabled by default. Instructions to enable it can be found in [the Debian release documents](https://www.debian.org/releases/buster/amd64/release-notes/ch-whats-new.en.html#apt-sandboxing). Once you turn it on, you can restrict the list of allowed system calls, and send anything not allowed to SIGSYS.

Those three updates alone make Debian 10 worth the update, especially on a server where frequent attacks make something like AppArmor a must-have.

There are some other changes that will affect server users though, and not necessarily in a good way, especially the move from iptables to to nftables for managing your firewall. While nftables is in many respects better than iptables -- the syntax for creating rules is simpler, it's faster, and it offers live tracing  -- it is still different, and will require sysadmins to adjust their workflow and possibly re-write any scripts they have.

The other change that strikes me as potentially problematic for some is the move to automatic upgrades to point releases when you enable Debian's unattended-upgrades package. In the past unattended-upgrades defaulted to installing only upgrades that came from the security suite. With Buster that's expanded to include upgrading to the latest stable point release. 

Now part of the stability of Debian comes from infrequent changes, but the other part of its stability comes from its very extensive testing process. Debian releases sometimes spend longer in a frozen state, just testing package updates, than Ubuntu spends on an entire release. That means stable point releases are unlikely to produce problems. Still, if you used unattended-upgrades to keep your systems up-to-date with security fixes in the past be aware that you'll need to tweak your configuration if you want the same behavior going forward. See the file NEWS.Debian in unattended-upgrades for more details.

Also notable in this release is support for driverless printing via any AirPrint-enabled printer (most printers made within the last few years are AirPrint ready). This feature comes courtesy of the upgrade to CUPS 2.2.10. 

One final note, Buster has finally accomplished the merging of /usr which Debian has been working on for a long time. That means that on a fresh install of Buster the directories /bin, /sbin, and /lib are now aliased to `/usr/bin`, `/usr/sbin`, and `/usr/lib` respectively.

## What you get in Debian 10

Aside from the project-level changes, Debian 10's release notes are relatively prosaic, as you would expect. Debian's goal of stability and the ability to work just about anywhere -- Debian supports more chip architectures than most people have probably heard of -- do not lend themselves to bleeding edge kernels or the latest and greatest graphics driver updates.

Debian 10 ships with Linux Kernel 4.19.0-4, which is the latest LTS kernel release. It arrived back in 2018 and will be supported through 2020 (Debian 10 itself will be supported through 2024). The 4.19 series kernel brings a number of new things to Debian, notably initial support for Intel Icelake graphics, much improved power management, better support for Intel's Low Power Subsystem, better touch screen support, and quite a bit more. You can see everything that's new over at the [linux kernel mailing list announcement](https://lkml.org/lkml/2018/10/22/184).

I've noticed running Debian 10 in my laptop that battery life is at least an hour better than Debian 9 on the same machine. Whether is due to kernel level improvements, or other improvements in the stack is difficult to say for sure, but either way, I highly recommend upgrading if you're running Debian 9 on a laptop.

Part of Debian's original appeal was its comprehesive package availability. If it wasn't in the Debian repos, it probably wasn't a Linux app. In today's world that's less true, but Debian still offers some of the largest repos around with a grand total to 57,703 packages. Of that number 13,370 are new packages added for this release. As part of Buster's release some 35,532 packages were upgraded.

Among the major upgrades are all the desktop environments (more on those below). Debian 10 ships with GNOME 3.30, KDE Plasma 5.14, Cinnamon 3.8, LXDE 0.99.2, LXQt 0.14, MATE 1.20, and Xfce 4.12. Yes, you read that right, the just-barely-ready-for-prime-time LXQt has an official ISO for Debian 10. 

Software you use to get work done has also been updated to the latest available releases like LibreOffice 6.1, Firefox, GIMP 2.10.8 and more. Programmers and developers will be happy to know that Debian 10, while not completely Python 2-free, is moving in that direction and has very good support for Python 3, offering Python 3.7.2 out of the box. Python 2 support will end in 2020 and like many other distros Debian is encouraging developers to migrate their applications head of Python 2's end-of-life date.

Another under-the-hood change in this release is the use of the Calameres installer for Debian-Live images. If you install Debian from the Live CD, you'll see the distro-agnostic Calameres installer instead of the good old Debian nstaller. The Debian installer has quite a few more features, and it's still what you'll get if you use a net install or DVD installer, but the Calameres installer is unquestionably more newbie-friendly. It's also refreshing to see a distro that *doesn't* feel the need to roll its own installer, instead using an existing, relatively mature open source application.

## Desktops

If you needed proof that Wayland has really arrived, Debian 10 is here to provide it. The GNOME desktop in Debian to uses Wayland by default. When a distro as slow to adopt new technology as Debian makes something the default, it's a safe bet that whatever it is, it's ready for prime time. Stick a fork in X.org, because as far as GNOME is concerned it's dead. That said, the X.org display server is also still installed by default and available for those who'd like to use it.

I have had no issues running GNOME under Wayland on Debian 10. This release brings GNOME 3.30, which is most notable for its speed boost. Developers from both Red Hat and Canonical put some time into fixing memory leaks and trying to make GNOME Shell faster and less resource hungry. The result is indeed a slightly speedier GNOME, though it is still not a fast or lightweight desktop by any stretch of the imagination. 

GNOME is also not what you want if you're a Debian user. It is the default desktop, as it has been for most of Debian's history, insofar as there is a default in Debian's sprawling array of installation methods, but these days it's not the best choice. 

GNOME Shell updates frequently, making major changes with nearly every release. And those releases arrive pretty regularly, nearly every six months. In the time since Debian 10 froze around GNOME 3.30 earlier this year, there's already been one new GNOME release and another will arrive in September. Will they eventually make their way into Buster's repositories? Maybe. Probably even, but it'll be a while. In my experience, GNOME highlights one of the drawback of Debian stable, it's, well, too stable.

In many respects this is my favorite part of Debian. It doesn't change. It updates what needs to be updated and everything else can wait. 

If you'd like to tap that stability though, and set up a system that you don't have to think about at all for the next five years if you don't want to, I would suggest that the ideal desktop would mirror the distro's own conservative approach the development. Look for something with infrequent updates and when those updates come, nothing much ought to change. Bugs should be fixed, minor updates pushed out, but for the most part your system should be the same after your update as it was before.

There are several desktops that fit this description to varying degrees, but my favorite desktop of Debian is Xfce. 

Like Debian, Xfce usually goes more than a year without a major update, often two years. When updates do arrive they're the kind you want, tons of bug fixes, speed improvements, and little tweaks rather than huge interface overhauls. Ironically, that may not be true this round, as Xfce 4.14 just arrived and makes a fairly major update to GTK 3 components. Still, while you might have to wait a little while for 4.14 to get to Debian 10, rest assured that there won't be nearly as many Xfce updates coming as what you'll get from GNOME or even KDE.

I installed Debian using the net installer, which has a nice graphical installer, though I still opt for the text-based installer. Old habits die hard and something about the text-based installer just feels more Debian to me. Once the base system was running I added Xfce, which is currently at version 4.12. 

Debian's Xfce is rather plain, not customized in any way. It makes a stable desktop that stays out of your way though. I had no problems whatsoever with Xfce on Debian and while the update to 4.14 looks like a nice one, especially the potential speed boost, not much is going to change in terms of looks or functionality. It will arrive when Debian is ready. If that bothers you, Debian is not the distro for you.

I was also curious about Wayland in Debian 10 though, so I ran the Sway tiling window manager for a while. I still have clipboard sharing issues under Wayland though. I could not get copy-and-paste working between Wayland and XWayland apps (Vim and a browser for instance), which is deal breaker for me. That said, the rest of my Wayland experience with Sway on Debian 10 was flawless.

## Conclusion

I've been using Debian 10 for three months now (yes, before it was officially released via a testing channel) and, as you would expect, it is a super solid release. This is remarkable only because I did not have the same experience at all on Debian 9. My initial foray into Debian 9 was fraught with problems and I went scurrying back to Debian 8 in a hurry. I tried again after a year and had better luck, but this time around I've had no problems at all on either the desktop or server (it's worth noting here though, before you upgrade, back up any PostgreSQL data, Debian 10 moves from PostgreSQL 9.6 to 11, a significant migration for any live servers).

While I plan to wait for at least one point release before I test updating any production servers, Debian 10 looks to be a great release. I full expect to be running Debian 10 servers well into the mid 2020s.

On the desktop side I still prefer Arch Linux to Debian on my main machine. This might sound like diametrically opposed distros to compare -- Debian is focused on stability and changes at a glacial pace, while Arch is a rolling release with updates on a daily basis -- but in my experience these have both been the most stable, reliable distos I've used. The chief difference is that one updates all the time to achieve that stability while other updates hardly at all. Different approaches leading to the same result.

In the end I stick with Arch on my daily use machine, primarily because I like having the latest releases of photo and video editing software, which is hard to do on Debian. I once thought that Flatpaks, which bundle their own dependencies independent of the system, would solve this problem, but in practice I've had far more problems with Flatpaks on Debian than AUR apps on Arch.

That said, every machine I don't touch on a daily basis, including all my servers, run Debian and will soon be running Debian 10.