These criticisms all feel very nitpicky and subjective. So many of them seem to boil down to, "this is an opinionated configuration, but their opinions differ from my opinions."
This part was where I stopped taking the article seriously:
>Moreover, taking into account that the system relies heavily on sudo (instead of the more modern doas), and also considering that the default installation configures the maximum number of password retries to 10 (instead of the more cautious limit of three), it raises an important question: Does Omarchy care about security?
This is such a reflexive and petty critique. How many real world security breaches happened because a login prompt that requires physical access limited to 10 tries instead of the "more cautious" limit of 3? And do you even care about security at all unless you limit to the even more cautious limit of 2?
Moreover, the entire Omarchy ecosystem is held together by often poorly written Bash scripts that lack any structure, let alone properly defined interfaces. Software packages are being installed via curl | sh or similar mechanisms, rather than provided as properly packaged solutions via a package manager. Hansson is quick to label Omarchy a Linux distribution, yet he seems reluctant to engage with the foundational work that defines a true distribution: The development and proper packaging (“distribution”) of software.
Because it's opinionated? So maybe there are scripts that use sudo, and perhaps he needs more than 3 tries to fat-finger his password?
Personally, my opinion, I use sudo, and if I take more than 3 goes then I deserve a timeout to get my act together. Anyway, 10 attempts isn't enough to brute-force a decent password, and if bruteforcing is a concern then add 2FA codes or hardware.
There's more serious concerns in the article though - the part about the screensaver / hyprlock? That's just security theatre.
I’m all in for opinionated software, but not in the cases it is made by people… (if not vibe-coded, lol) by incompetent people. That’s what the article is about if you were to read it longer than you mentioned. Great that you are the top comment, summarises this community for me.
Agree with this 100%. The article reads as a super gatekeepy “he made different choices than me so I’m going to trash it and him” piece. The author’s perspective seems to be “how dare he use bash scripts! REAL programmers use system level languages”. Come on buddy.
Author claims there is no structure to the project but one look in the GitHub repo says there clearly is. Also, how many users will now try Arch (or Ubuntu via Omakub) as a result of this? If the answer is a positive number and DHH wants to put his time and weight behind it, that’s a good thing.
I'll admit I read only the summary linked at the beginning, so I surely skipped over minutae that might have lost me. That said, I disagree with this and gp: the conclusion strikes me not as gatekeepy but reasonable and humane to inexperienced users:
> In fact, it is Omarchy that complicates things further down the line, by including a number of unnecessary components and workarounds, especially when it comes to its chosen desktop environment. The moment an inexperienced user wants or needs to change anything, they’ll be confronted with a jumbled mess that’s difficult to understand and even harder to manage.
> If you want Arch but are too lazy to read through its fantastic Wiki, then look at Manjaro, it’ll take care of you. [...]
> On the other hand, if you’re just looking to tweak your existing desktop, check out other people’s dotfiles and dive into the unixporn communities for inspiration.
That strikes me as very fair. I don't think it's gatekeeping to say that setting users up with a "distro" that eschews package management for a pile of curl|sh invocations is a bad idea for which there are much better approaches.
That commentary proves that the guy doesn't get it or is being a willfully obtuse hater. One of the big reasons people have been gravitating toward Omarchy is because they don't want to spend hours ricing or tweaking their desktop, they want to be getting shit done after a sub-15 minute install. And Omarchy does that very well. That's what omakase and "opinionated" mean.
That sounds fine for those first 15 minutes and maybe first weeks though. What if a certain `curl | sh` fails after a month? What if I need some other stuff down the road? If anything the article's criticism makes sense from the perspective of needing to get work done, and omarchy seems to be focused more on the aesthetics. A package manager is exactly what is needed to get shit done instead of tweaking and troubleshooting stuff.
Omarchy is fine as an (opinionated) collection of dotfiles and configurations, but there are reasons proper distros are useful aside from wanting to spend time tweaking stuff or whatever. I don't see how the article talks about anything else than practical issues with it.
Omarchy is a very fast moving target at this point. I have every expectation that in the near future, they'll develop a package manager. I agree that Omarchy is not yet a "real distribution", but it's undeniable that it's rapidly heading in that direction.
>This is such a reflexive and petty critique. How many real world security breaches happened because a login prompt that requires physical access limited to 10 tries instead of the "more cautious" limit of 3?
> Omarchy takes security extremely seriously. This is meant to be an operating system that you can use to do Real Work in the Real World. Where losing a laptop can’t lead to a security emergency.
lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password? Especially since it's not vetting that actual security of the password itself?
How many times does your bank allow you to type in the wrong password? Is it 10? Cmon.
>lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password? Especially since it's not vetting that actual security of the password itself?
It should, but anything below 100 guesses or so is kind of fine, unless the attacker knows you and has good guesses about your password.
Let's be generous and assume a six character password of all lowercase letters. That's 26^6 possible passwords. That's 3x10^8 possible passwords.
3 guesses means that you have a 0.000001% chance of guessing the password, whereas 10 guesses means your chances are 0.0000032%. Are you worried about a 0.0000022% difference?
The odds are slightly scarier if you limit it to English words, but I still doubt that 3 vs. 10 has any meaningful difference in practical terms.
I'm not seeing why 10 is so significantly worse than 3... How big of a difference is that, really? I believe it took something like 6 failed attempts for my bank to lock me out.
But why change the default? Is this in the top 10 things you would do after installing your distro of choice?
To me, this indicates a lack of judgement around what should be prioritised, which is reflected across the many issues the post raises. Naturally judgement is an acquired skill, which novices lack (and which they gain through experience and guidance), but given the big names associated with the project, that doesn't reflect well on their other projects.
> lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password?
I will absolutely say that a distro making that claim should not worry about the difference between 3 and 10 password attempts on sudo (i.e. when you're already logged in).
> Especially since it's not vetting that actual security of the password itself?
Yes, that should be fixed. But it's a separate matter.
At this scale? No, no they do not. Even if you know my password is a single dictionary word in lower case, the odds of you guessing it in 3 vs 10 guesses is negligible.
In fact, let's do this right now: I've just thought of a random english word and written it down. I'll give you 20 guesses. Guess it right and I'll agree with you.
"Hey guys, I'm going to prove that an OS that claims that you don't have to worry about security anymore is actually secure by asking a total stranger to guess my password"
Since it's so flimsy and insecure, you should guess so you can prove how insecure it is. Alternatively, you could fail to do that, because 10 guesses is safe even against an awful password.
lol But what if, and I know this sounds absolutely insane, the person who stole your laptop knows you and isn't a total stranger on the internet? In your security guru mind, would that effect the probability of them guessing right? Or are you of the opinion that you don't need to worry about people close to you breaking into your stuff?
If someone steals your laptop, then sudo limiting guesses is completely irrelevant. Note that I started with
> I will absolutely say that a distro making that claim should not worry about the difference between 3 and 10 password attempts on sudo (i.e. when you're already logged in).
If you'd like to point out that it's really important to require a high-entropy password for the lockscreen or disk encryption, then I'll agree, but that isn't the argument we're in right now.
I'm a long term Linux user (since 2003) and I have a brand new Lenovo Thinkpad X1 13th Gen sitting here with a blank boot medium and I have to decide what to install as an OS now. Ubuntu again? Fedora maybe due to more recent drivers? Omarchy due to - why not?
The gap this fills is simple: those who just want a flashy arch installation to post on socials. These people have no concerns about quality because they haven’t used Linux extensively and aren’t using their OS for genuine work.
There are numerous other, much more professional and vetted distributions that will better serve you. If you had read the article you’d not be making this comment.
Non work as good as omarchy for my very light web development needs at home.
Starts with very simple things, like podman with its improved security getting in my way, or copy paste not working the same in all apps and terminals.
I unfortunately have not a lot of time, between my familie, friends, hobbys and job.
Tbh the reduced/sensible security is most likely one of omarchys selling points.
As always, there are some nebulous "processional" and "vetted" (by whom) distirbutions that will serve "better" (what is the definition of "better")? And it's always a different set. The article doesn't even pretend to qualify why the distributions it picked are better. It even goes as far as saying "If that’s still not to your liking, maybe explore something completely different." and links to distrowatch, as if that's helpful
I've installed and used vanilla Arch from scratch on at least three different machines, but this time around I wanted Arch on a ThinkPad but didn't want to spend a few hours configuring and ricing it to my liking.
Also the tech-influencers like tj and primeagen hyping this hard. I sometime wonder when out industry went to shit. Its all AI slop and hype influencers these days.
What a ridiculous attempt at gatekeeping. People like you are the reason why regular people shun so many communities --- including Linux.
I have used linux since red hat 5.0 in the 1990s, and I think this distro is a great idea. If it helps people switch to libre/free software, then that is a good thing indeed.
People who need "help" to switch, from what I've seen, are realistically going to care more about the included DE/WM than anything else. Any number of distros offer Windows-migration-friendly options like Cinnamon (and bundle popular software like LibreOffice, even if there are better alternatives and even forks). And the newcomers really do need to get used to a well-thought-out package manager rather than training to curl | sh all the things.
For a new user that would prefer a familiar DE, linux mint and elementary is a good choice. If you’re willing to learn a new OS but wants to start quick, I would recommend Fedora.
Anything else is better suited when you have opinions about the ecosystem.
I’m not gatekeeping. This is something I have seen time and time again. I have no animosity towards these people, I am glad to see more people working with Linux, but it is a fact that they are not concerned about the quality of the software they run. That’s why they’re running Omarchy.
> After initially downloading the official ISO file, the first boot of the system greets you with a terminal window informing you that it needs to update a few packages. And by “a few” it means another 1.8GB. I’m still not entirely sure why the v3.0.2 ISO is a hefty 6.2GB, or why it requires downloading an additional 1.8GB after installation on a system with internet access. For comparison, the official Arch installer image is just 1.4GB in size.
That is interesting.
I would respect the article a lot more if it spent words on actually investigating things like this, rather than repeated nitpicking.
The author is remarkably negative without actually trying to help anything. The globbing is borked on some shell scripts in a very young Linux distribution? Submit a pull request rather than writing a blog post.
And then the tab changes its name to something dumb when you leave to try to get you to disable JS.
They're mad things come pre-installed. They're mad things don't. They just like being mad.
OK, I have to admit I cracked up and lost it at "Dude's got the vibe of a cat." That's such a great line with such rich, pointed meaning packed into only a few words.
Besides the gatekeeping, "imperfect" and "unserious" tools can be valid so that people try the thing. "Do your research and try elsewhere" hasn't worked so far, has it?
I've found Pop!_OS 24.04 beta, with COSMIC, to be more suitable for my preferences than Omarchy. You get the best of both worlds -- hybrid tiling experience. You can toggle between tiling (like Hyprland) and regular desktop environment (like GNOME).
It is so sad to see so many people -- including the article, to an extent -- and also people in the comments cast shade on this distro and the people who may try Linux either for the first time, or perhaps one more time, because they tried and failed to switch before.
Calling it flashy is an especially amusing critique. You couldn't kick your way through the 90s and 2000s without the endless parade of semi-transparent terminal windows running on various shades of windowmaker, enlightenment, kde, etc. all to show off how much more advanced the graphics pipeline and customisation was compared to Windows or Mac at the time. So this is hardly a new thing.
Let's hope this distro picks up steam; that it helps convert people who are fed up with Apple and Microsoft to another way of doing things. Arch + hyprland is a fine place to start.
The guy who glazes JD Vance, the 1000000% alt-right Vice President who doesn't care about literal Nazis infiltrating his party is probably part of the alt-right.
> You couldn't kick your way through the 90s and 2000s without the endless parade of semi-transparent terminal windows running on various shades of windowmaker, enlightenment, kde, etc. all to show off how much more advanced the graphics pipeline and customisation was compared to Windows or Mac at the time. So this is hardly a new thing.
What does this even mean with respect to the article?
This blog pranks you with changing titles when you switch tabs (some nsfw), then welcomes you back with a paragraph inciting you to disable Javascript. That's nice, but I actually need Javascript in my browser to do real stuff.
It's like 3 lengthy paragraphs that don't even get to the point until the end. The writing wasn't particularly good in the first place, so I just closed the tab when I saw that.
I felt just a tiny bit violated by that. Why does this person care about whether I have JS enabled? What’s the term for author’s affliction? Militant techno-minimalism?
The cynicism is also pretty strong, in the first call-out, asking HN audience to jump to the TLDR, because?
The author seems very set on following "the proper way of doing things in the linux ecosystem". If I remember correctly, a key principle from Linus himself is: "Talk is cheap. Show me the code". So did the author open any PR to fix any of the issues he surfaced ?
> Omarchy feels like a project created by a Linux newcomer, utterly captivated by all the cool things that Linux can do, but lacking the architectural knowledge to get the basics right
I've used Omarchy over the last few months and I don't think this is a fair assessment of the project. Sure, it definitely fells hacky in some places but I don't think it's that bad.
Even though I don't fully agree with the article, I think the conclusion is right. If you already knows your way around linux, Omarchy probably won't be a good option for you in the long term.
I fully switched to linux around 2008 and never looked back. I went through most of the major distos, from Gentoo to Ubuntu. I'm not an expert, but I have a pretty good understanding of how things work under the hood.
Even with all this knowledge I stumbled upon a bug that I wasn't even sure on how to start debugging. In my desktop I have 2 monitors and when the system wakes up from sleep my secondary monitor starts up faster than my main monitor and this puts them in the wrong order, as if I had swapped them left-to-right.
This is a trivial issue, I'm sure that ChatGPT could guide me through this issue in no time. But it made me realize that if I choose to stick with Omarchy I will need re-learn a lot of things, I will need to learn about several new tools and configuration schemas. And I don't want to do it right now, that's not a good time investment for me. Especially if there are no guarantees these tools will still be relevant in 10 years.
And this is why I'll be switching back to old and boring Fedora.
I guess Omarchy looks cool but I remember Linux distros being just as cool in 2002 with Enlightenment and many other custom scripts and setups. Unfortunately, Linux on the desktop hasn't moved on much.
On the contrary, linux desktops have IMHO vastly regressed since then (in regards to "cool" factor). I remember when the compiz cube desktop was everywhere; now it feels like everything is bland in comparison.
Yup that was a great demonstration of 3d graphics too. That reminds me all those years in the late 90s and early 2000s when I spent countless hours trying to get the graphics driver working properly with X. Kept running the Gears demo to see if it had sped up, but no, it was still extremely slow.
Still have muscle memory of commands like glxinfo, xdpyinfo etc. ;-)
Actually, that's the funny thing - the reason I qualified that we've regressed specifically in the cool factor is that the rest of it has (mostly) done great, and today the drivers (and hardware, I guess) are in a great place, so we easily could do the fanciest graphics you could ask for, but...
The author recommends using "Do Not Track", but this has been deprecated for some time. Safari and Firefox have both removed the option completely. Perhaps the author meant GPC?
For all of the security suggestions in this article I was also surprised to see the author recommending ungoogle-chromium, which has a number of security issues. See: https://qua3k.github.io/ungoogled/
The primary issue I take with the article is the chosen tone. I think there are ways that these points could have been made without being overly cynical and negative. I think speaking authoritatively throughout the article has the effect of equating the importance of subjective preferences (like the choice of which terminal emulator to include), with legitimate security concerns (bash shortcomings, migrations, firewall misconfiguration, piping curl | sh to install software).
I wouldn't use Omarchy, but I am glad it exists. It's bringing more people into the desktop Linux ecosystem, which should be positive sum. Omarchy comes off to me as a little hacky and immature, but at this stage that seems.. mostly fine? Perhaps they should be more clear about that in their marketing, but I understand the goals and I admire the enthusiasm from DHH.
> And by “a few” it means another 1.8GB. I’m still not entirely sure why the v3.0.2 ISO is a hefty 6.2GB, or why it requires downloading an additional 1.8GB after installation on a system with internet access.
hello, can you share the lobsters forum invite with me?
I checked your portfolio and see the socials we used together, I also have X account.
my X: frontendhashira
I am surprised Omarchy got such a large audience, DHH had already dropped an opinionated Ubuntu 'distro' - Omakub - but seemingly didn't gain popularity.
Even though I haven't used it, I don't mind Omarchy existing if it works. I had issues with omakub when I had tried it in the distant past.
That said, I think a lot of peoples criticism of DHH and Omarchy is based on their personal opinions of DHH or that they don't like that an opinionated Arch variant is opinionated, which is a bit of a ridiculous criticism too.
tl;dr of the summary: Omarchy is a toy, not a proper tool, and dangerously "naive".
Why is even the summary longer than most articles nowadays? I will maybe read te full article later, but probably will just let it rot on my pile of readlaters.
Is this enough trash-talk now? Is the Pro-tip pleased?
Visual appearance is the main indicator to identify the perceived culture of some random person on the streets, so it's a justified assumption the writer was talking about this.
> Chiefly because it's no longer full of native Brits. In 2000, more than sixty percent of the city were native Brits. By 2024, that had dropped to about a third. A statistic as evident as day when you walk the streets of London now.
I personally don't see how it could be "as evident as day" simply by walking around and observing without bringing skin color into it. Walking the streets of London doesn't reasonably include the activity of investigating the citizen status of everybody one sees so he's presumably not observing "native or not". And if he's not observing that, then it seems reasonable to think he's observing their skin color. At least, it does without him clarifying what he was otherwise observing.
But some of the words also link to a wikipedia article (https://en.wikipedia.org/wiki/Ethnic_groups_in_London) which doesn't actually support his point unless you look at numbers that explicitly concern race. More specifically, I can't find the race-agnostic numbers which corroborate the specific (approximate) numbers he gave. There's a "White British" row in a table that has a value of 36.8% for the 2021 census. It shows 59.79% for the 2001 census.
It's hard to compare strictly with citizenship using the numbers he linked to, which seems another reason to assume he was thinking in terms of skin color. On top of the fact that the wiki article is titled "Ethnic groups in London", which is not relevant to citizenship status, nor whether they "natively" got their citizenship. I mean, seriously, what evidence could he even be using to make the claim that a mere 1/3 of London's population is comprised of "native Brits", if we start with the assumption that it's not what he observed of others' skin color? (Not rhetorical despite the tone, please answer if you have an idea.)
These criticisms all feel very nitpicky and subjective. So many of them seem to boil down to, "this is an opinionated configuration, but their opinions differ from my opinions."
This part was where I stopped taking the article seriously:
>Moreover, taking into account that the system relies heavily on sudo (instead of the more modern doas), and also considering that the default installation configures the maximum number of password retries to 10 (instead of the more cautious limit of three), it raises an important question: Does Omarchy care about security?
This is such a reflexive and petty critique. How many real world security breaches happened because a login prompt that requires physical access limited to 10 tries instead of the "more cautious" limit of 3? And do you even care about security at all unless you limit to the even more cautious limit of 2?
This seems pretty valid if true:
Moreover, the entire Omarchy ecosystem is held together by often poorly written Bash scripts that lack any structure, let alone properly defined interfaces. Software packages are being installed via curl | sh or similar mechanisms, rather than provided as properly packaged solutions via a package manager. Hansson is quick to label Omarchy a Linux distribution, yet he seems reluctant to engage with the foundational work that defines a true distribution: The development and proper packaging (“distribution”) of software.
Because it's opinionated? So maybe there are scripts that use sudo, and perhaps he needs more than 3 tries to fat-finger his password?
Personally, my opinion, I use sudo, and if I take more than 3 goes then I deserve a timeout to get my act together. Anyway, 10 attempts isn't enough to brute-force a decent password, and if bruteforcing is a concern then add 2FA codes or hardware.
There's more serious concerns in the article though - the part about the screensaver / hyprlock? That's just security theatre.
What about just ignoring package signatures?
https://github.com/basecamp/omarchy/blob/master/default/pacm...
That was my feeling.
I find somewhat ironic that he calls out the security aspect of it without considering the audience.
I feel the tracking for advertising is a lot more a security issue than it is the chances of somebody brute forcing a laptop password
I’m all in for opinionated software, but not in the cases it is made by people… (if not vibe-coded, lol) by incompetent people. That’s what the article is about if you were to read it longer than you mentioned. Great that you are the top comment, summarises this community for me.
Agree with this 100%. The article reads as a super gatekeepy “he made different choices than me so I’m going to trash it and him” piece. The author’s perspective seems to be “how dare he use bash scripts! REAL programmers use system level languages”. Come on buddy.
Author claims there is no structure to the project but one look in the GitHub repo says there clearly is. Also, how many users will now try Arch (or Ubuntu via Omakub) as a result of this? If the answer is a positive number and DHH wants to put his time and weight behind it, that’s a good thing.
I'll admit I read only the summary linked at the beginning, so I surely skipped over minutae that might have lost me. That said, I disagree with this and gp: the conclusion strikes me not as gatekeepy but reasonable and humane to inexperienced users:
> In fact, it is Omarchy that complicates things further down the line, by including a number of unnecessary components and workarounds, especially when it comes to its chosen desktop environment. The moment an inexperienced user wants or needs to change anything, they’ll be confronted with a jumbled mess that’s difficult to understand and even harder to manage.
> If you want Arch but are too lazy to read through its fantastic Wiki, then look at Manjaro, it’ll take care of you. [...]
> On the other hand, if you’re just looking to tweak your existing desktop, check out other people’s dotfiles and dive into the unixporn communities for inspiration.
That strikes me as very fair. I don't think it's gatekeeping to say that setting users up with a "distro" that eschews package management for a pile of curl|sh invocations is a bad idea for which there are much better approaches.
That commentary proves that the guy doesn't get it or is being a willfully obtuse hater. One of the big reasons people have been gravitating toward Omarchy is because they don't want to spend hours ricing or tweaking their desktop, they want to be getting shit done after a sub-15 minute install. And Omarchy does that very well. That's what omakase and "opinionated" mean.
That sounds fine for those first 15 minutes and maybe first weeks though. What if a certain `curl | sh` fails after a month? What if I need some other stuff down the road? If anything the article's criticism makes sense from the perspective of needing to get work done, and omarchy seems to be focused more on the aesthetics. A package manager is exactly what is needed to get shit done instead of tweaking and troubleshooting stuff.
Omarchy is fine as an (opinionated) collection of dotfiles and configurations, but there are reasons proper distros are useful aside from wanting to spend time tweaking stuff or whatever. I don't see how the article talks about anything else than practical issues with it.
Omarchy is a very fast moving target at this point. I have every expectation that in the near future, they'll develop a package manager. I agree that Omarchy is not yet a "real distribution", but it's undeniable that it's rapidly heading in that direction.
>This is such a reflexive and petty critique. How many real world security breaches happened because a login prompt that requires physical access limited to 10 tries instead of the "more cautious" limit of 3?
God, this comment is funny to me. This is pulled straight from this website (https://learn.omacom.io/2/the-omarchy-manual/93/security)
> Omarchy takes security extremely seriously. This is meant to be an operating system that you can use to do Real Work in the Real World. Where losing a laptop can’t lead to a security emergency.
lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password? Especially since it's not vetting that actual security of the password itself?
How many times does your bank allow you to type in the wrong password? Is it 10? Cmon.
>lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password? Especially since it's not vetting that actual security of the password itself?
It should, but anything below 100 guesses or so is kind of fine, unless the attacker knows you and has good guesses about your password.
Let's be generous and assume a six character password of all lowercase letters. That's 26^6 possible passwords. That's 3x10^8 possible passwords.
3 guesses means that you have a 0.000001% chance of guessing the password, whereas 10 guesses means your chances are 0.0000032%. Are you worried about a 0.0000022% difference?
The odds are slightly scarier if you limit it to English words, but I still doubt that 3 vs. 10 has any meaningful difference in practical terms.
I'm not seeing why 10 is so significantly worse than 3... How big of a difference is that, really? I believe it took something like 6 failed attempts for my bank to lock me out.
But why change the default? Is this in the top 10 things you would do after installing your distro of choice?
To me, this indicates a lack of judgement around what should be prioritised, which is reflected across the many issues the post raises. Naturally judgement is an acquired skill, which novices lack (and which they gain through experience and guidance), but given the big names associated with the project, that doesn't reflect well on their other projects.
> lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password?
I will absolutely say that a distro making that claim should not worry about the difference between 3 and 10 password attempts on sudo (i.e. when you're already logged in).
> Especially since it's not vetting that actual security of the password itself?
Yes, that should be fixed. But it's a separate matter.
> Yes, that should be fixed. But it's a separate matter.
Sure, because the complexity of your password and the amount of times you get before you're locked out historically don't effect each other lol.
At this scale? No, no they do not. Even if you know my password is a single dictionary word in lower case, the odds of you guessing it in 3 vs 10 guesses is negligible.
In fact, let's do this right now: I've just thought of a random english word and written it down. I'll give you 20 guesses. Guess it right and I'll agree with you.
This has to be satire. HAS TO BE.
"Hey guys, I'm going to prove that an OS that claims that you don't have to worry about security anymore is actually secure by asking a total stranger to guess my password"
lol.
Since it's so flimsy and insecure, you should guess so you can prove how insecure it is. Alternatively, you could fail to do that, because 10 guesses is safe even against an awful password.
lol But what if, and I know this sounds absolutely insane, the person who stole your laptop knows you and isn't a total stranger on the internet? In your security guru mind, would that effect the probability of them guessing right? Or are you of the opinion that you don't need to worry about people close to you breaking into your stuff?
If someone steals your laptop, then sudo limiting guesses is completely irrelevant. Note that I started with
> I will absolutely say that a distro making that claim should not worry about the difference between 3 and 10 password attempts on sudo (i.e. when you're already logged in).
If you'd like to point out that it's really important to require a high-entropy password for the lockscreen or disk encryption, then I'll agree, but that isn't the argument we're in right now.
Why is this flagged?
I'm a long term Linux user (since 2003) and I have a brand new Lenovo Thinkpad X1 13th Gen sitting here with a blank boot medium and I have to decide what to install as an OS now. Ubuntu again? Fedora maybe due to more recent drivers? Omarchy due to - why not?
That article helped - the flagging? Not so much.
> Why is this flagged?
Probably the juvenile title-altering script that could get people in trouble depending on where they’re from.
> Why is this flagged?
Because there are a lot of DHH fanboys on this site.
It's a tad ironic that critiquing the OS of one a guy who thinks he's fighting for "free speech"* gets flagged. lol.
*He doesn't know what free speech actually is as evidenced by his support of Trump and Elon.
The gap this fills is simple: those who just want a flashy arch installation to post on socials. These people have no concerns about quality because they haven’t used Linux extensively and aren’t using their OS for genuine work.
I want something that works out of the box, i normally use Mac, but for my private machine I switched to omarchy.
Much nicer configuration then fedora/Ubuntu for productivity.
And be assured, i have not posted a single screenshot anywhere.
There are numerous other, much more professional and vetted distributions that will better serve you. If you had read the article you’d not be making this comment.
The author mentions two, i tried both.
Non work as good as omarchy for my very light web development needs at home.
Starts with very simple things, like podman with its improved security getting in my way, or copy paste not working the same in all apps and terminals.
I unfortunately have not a lot of time, between my familie, friends, hobbys and job.
Tbh the reduced/sensible security is most likely one of omarchys selling points.
And who gives a duck about 15gb?
As always, there are some nebulous "processional" and "vetted" (by whom) distirbutions that will serve "better" (what is the definition of "better")? And it's always a different set. The article doesn't even pretend to qualify why the distributions it picked are better. It even goes as far as saying "If that’s still not to your liking, maybe explore something completely different." and links to distrowatch, as if that's helpful
/r/unixporn type distro for Hacker News types that just decided to move away from Windows/macOS
They’ll move to something serious like vanilla Arch, Debian or Fedora soon enough
I've installed and used vanilla Arch from scratch on at least three different machines, but this time around I wanted Arch on a ThinkPad but didn't want to spend a few hours configuring and ricing it to my liking.
Omarchy scratches that itch.
Also the tech-influencers like tj and primeagen hyping this hard. I sometime wonder when out industry went to shit. Its all AI slop and hype influencers these days.
What a ridiculous attempt at gatekeeping. People like you are the reason why regular people shun so many communities --- including Linux.
I have used linux since red hat 5.0 in the 1990s, and I think this distro is a great idea. If it helps people switch to libre/free software, then that is a good thing indeed.
People who need "help" to switch, from what I've seen, are realistically going to care more about the included DE/WM than anything else. Any number of distros offer Windows-migration-friendly options like Cinnamon (and bundle popular software like LibreOffice, even if there are better alternatives and even forks). And the newcomers really do need to get used to a well-thought-out package manager rather than training to curl | sh all the things.
For a new user that would prefer a familiar DE, linux mint and elementary is a good choice. If you’re willing to learn a new OS but wants to start quick, I would recommend Fedora.
Anything else is better suited when you have opinions about the ecosystem.
I’m not gatekeeping. This is something I have seen time and time again. I have no animosity towards these people, I am glad to see more people working with Linux, but it is a fact that they are not concerned about the quality of the software they run. That’s why they’re running Omarchy.
Is this a deeply petty article? Yes. Is it wrong? I can’t see anything indicating that.
Either way, I appreciate the opinionated and researched review. It was a good read, and certainly highlighted some of the ways Omarchy is… odd.
(Also, the JavaScript is annoying, especially when reading on a phone which backgrounds the tab when you lock it…)
> After initially downloading the official ISO file, the first boot of the system greets you with a terminal window informing you that it needs to update a few packages. And by “a few” it means another 1.8GB. I’m still not entirely sure why the v3.0.2 ISO is a hefty 6.2GB, or why it requires downloading an additional 1.8GB after installation on a system with internet access. For comparison, the official Arch installer image is just 1.4GB in size.
That is interesting.
I would respect the article a lot more if it spent words on actually investigating things like this, rather than repeated nitpicking.
I really just dislike the tone of this.
The author is remarkably negative without actually trying to help anything. The globbing is borked on some shell scripts in a very young Linux distribution? Submit a pull request rather than writing a blog post.
And then the tab changes its name to something dumb when you leave to try to get you to disable JS.
They're mad things come pre-installed. They're mad things don't. They just like being mad.
Dudes got the vibe of a cat.
He does try to help though, he points users to actual linux distributions they recommend.
OK, I have to admit I cracked up and lost it at "Dude's got the vibe of a cat." That's such a great line with such rich, pointed meaning packed into only a few words.
Besides the gatekeeping, "imperfect" and "unserious" tools can be valid so that people try the thing. "Do your research and try elsewhere" hasn't worked so far, has it?
Very detailed and solid analysis of Omarchy project.
I don't understand why the link is now [flagged] by HN?
Flagged already? People do not really like critical opinions in here.
I've found Pop!_OS 24.04 beta, with COSMIC, to be more suitable for my preferences than Omarchy. You get the best of both worlds -- hybrid tiling experience. You can toggle between tiling (like Hyprland) and regular desktop environment (like GNOME).
https://srid.ca/pop-os
It is so sad to see so many people -- including the article, to an extent -- and also people in the comments cast shade on this distro and the people who may try Linux either for the first time, or perhaps one more time, because they tried and failed to switch before.
Calling it flashy is an especially amusing critique. You couldn't kick your way through the 90s and 2000s without the endless parade of semi-transparent terminal windows running on various shades of windowmaker, enlightenment, kde, etc. all to show off how much more advanced the graphics pipeline and customisation was compared to Windows or Mac at the time. So this is hardly a new thing.
Let's hope this distro picks up steam; that it helps convert people who are fed up with Apple and Microsoft to another way of doing things. Arch + hyprland is a fine place to start.
I think many people have problem with the project because it is from alt-right environment.
>I think many people have problem
"There are dozens of us! Dozens!"
>because it is from alt-right environment.
No it's not.
If you seriously think DHH and collaborators are "alt-right", you haven't met many alt-right people.
Sure there is spectrum. I witnessed more extreme stuff during early 90s in Eastern Europe but still...
You have no clue what you're talking about.
https://world.hey.com/dhh/europeans-don-t-have-or-understand...
The guy who glazes JD Vance, the 1000000% alt-right Vice President who doesn't care about literal Nazis infiltrating his party is probably part of the alt-right.
lol go back to 4chan
[dead]
> You couldn't kick your way through the 90s and 2000s without the endless parade of semi-transparent terminal windows running on various shades of windowmaker, enlightenment, kde, etc. all to show off how much more advanced the graphics pipeline and customisation was compared to Windows or Mac at the time. So this is hardly a new thing.
What does this even mean with respect to the article?
This blog pranks you with changing titles when you switch tabs (some nsfw), then welcomes you back with a paragraph inciting you to disable Javascript. That's nice, but I actually need Javascript in my browser to do real stuff.
got to admit, as a prank it's pretty funny.
fwiw, it's trivially easy to block javascript per site today with uBlock Origin. Firefox + UBlock Origin really is the panacea of a de-shittified web.
Indeed - and the author goes on to show a screenshot of Google Trends which, I'm sure, won't work without JavaScript turned on.
It's like 3 lengthy paragraphs that don't even get to the point until the end. The writing wasn't particularly good in the first place, so I just closed the tab when I saw that.
That's what NoScript is for, so you can whitelist the things that need it.
Do modern browsers even still offer the built-in option to disable JavaScript unilaterally?
Chrome does
More important: Why does that person mobs people for using javascript, but then only displays an ugly trashy side when you disable it?
Holy that is so funny
I felt just a tiny bit violated by that. Why does this person care about whether I have JS enabled? What’s the term for author’s affliction? Militant techno-minimalism?
The cynicism is also pretty strong, in the first call-out, asking HN audience to jump to the TLDR, because?
Yes, I remembered that other nut-case that shows a NSFW image if the HTTP referrer is from HN.
f'ing annoying and pretentious.
The author seems very set on following "the proper way of doing things in the linux ecosystem". If I remember correctly, a key principle from Linus himself is: "Talk is cheap. Show me the code". So did the author open any PR to fix any of the issues he surfaced ?
lol hold up. Are you saying you can't criticize something unless you're actively working on it?
This person did write a very,very long article that would have been shorter in the form of PRs as fixes to some of the issues, to be fair
lol You should read the article first before commenting.
I read the whole thing, I did gloss over some parts given the length.
But mine was a joke with a small complaint about the length. Everybody can do what they want with their free time, none of my business
> Omarchy feels like a project created by a Linux newcomer, utterly captivated by all the cool things that Linux can do, but lacking the architectural knowledge to get the basics right
I've used Omarchy over the last few months and I don't think this is a fair assessment of the project. Sure, it definitely fells hacky in some places but I don't think it's that bad.
Even though I don't fully agree with the article, I think the conclusion is right. If you already knows your way around linux, Omarchy probably won't be a good option for you in the long term.
I fully switched to linux around 2008 and never looked back. I went through most of the major distos, from Gentoo to Ubuntu. I'm not an expert, but I have a pretty good understanding of how things work under the hood.
Even with all this knowledge I stumbled upon a bug that I wasn't even sure on how to start debugging. In my desktop I have 2 monitors and when the system wakes up from sleep my secondary monitor starts up faster than my main monitor and this puts them in the wrong order, as if I had swapped them left-to-right.
This is a trivial issue, I'm sure that ChatGPT could guide me through this issue in no time. But it made me realize that if I choose to stick with Omarchy I will need re-learn a lot of things, I will need to learn about several new tools and configuration schemas. And I don't want to do it right now, that's not a good time investment for me. Especially if there are no guarantees these tools will still be relevant in 10 years.
And this is why I'll be switching back to old and boring Fedora.
I guess Omarchy looks cool but I remember Linux distros being just as cool in 2002 with Enlightenment and many other custom scripts and setups. Unfortunately, Linux on the desktop hasn't moved on much.
On the contrary, linux desktops have IMHO vastly regressed since then (in regards to "cool" factor). I remember when the compiz cube desktop was everywhere; now it feels like everything is bland in comparison.
Yup that was a great demonstration of 3d graphics too. That reminds me all those years in the late 90s and early 2000s when I spent countless hours trying to get the graphics driver working properly with X. Kept running the Gears demo to see if it had sped up, but no, it was still extremely slow.
Still have muscle memory of commands like glxinfo, xdpyinfo etc. ;-)
Actually, that's the funny thing - the reason I qualified that we've regressed specifically in the cool factor is that the rest of it has (mostly) done great, and today the drivers (and hardware, I guess) are in a great place, so we easily could do the fanciest graphics you could ask for, but...
It’s a feature!
The author recommends using "Do Not Track", but this has been deprecated for some time. Safari and Firefox have both removed the option completely. Perhaps the author meant GPC?
For all of the security suggestions in this article I was also surprised to see the author recommending ungoogle-chromium, which has a number of security issues. See: https://qua3k.github.io/ungoogled/
The primary issue I take with the article is the chosen tone. I think there are ways that these points could have been made without being overly cynical and negative. I think speaking authoritatively throughout the article has the effect of equating the importance of subjective preferences (like the choice of which terminal emulator to include), with legitimate security concerns (bash shortcomings, migrations, firewall misconfiguration, piping curl | sh to install software).
I wouldn't use Omarchy, but I am glad it exists. It's bringing more people into the desktop Linux ecosystem, which should be positive sum. Omarchy comes off to me as a little hacky and immature, but at this stage that seems.. mostly fine? Perhaps they should be more clear about that in their marketing, but I understand the goals and I admire the enthusiasm from DHH.
> And by “a few” it means another 1.8GB. I’m still not entirely sure why the v3.0.2 ISO is a hefty 6.2GB, or why it requires downloading an additional 1.8GB after installation on a system with internet access.
Sounds like bloatware.
On another discussion forum I saw someone posted[1] the results of running shellcheck against the bash scripts that make up Omarchy:
[1]: https://lobste.rs/s/iuvukw/word_on_omarchy#c_slymk9hello, can you share the lobsters forum invite with me? I checked your portfolio and see the socials we used together, I also have X account. my X: frontendhashira
I am surprised Omarchy got such a large audience, DHH had already dropped an opinionated Ubuntu 'distro' - Omakub - but seemingly didn't gain popularity.
Even though I haven't used it, I don't mind Omarchy existing if it works. I had issues with omakub when I had tried it in the distant past.
https://omakub.org/
That said, I think a lot of peoples criticism of DHH and Omarchy is based on their personal opinions of DHH or that they don't like that an opinionated Arch variant is opinionated, which is a bit of a ridiculous criticism too.
Because its hype driven by content creators.
Yup. Primagen hyping it up gave it a huge push.
tl;dr of the summary: Omarchy is a toy, not a proper tool, and dangerously "naive".
Why is even the summary longer than most articles nowadays? I will maybe read te full article later, but probably will just let it rot on my pile of readlaters.
Is this enough trash-talk now? Is the Pro-tip pleased?
Super pretentious, nitpicky, and makes it sounds like the author has an axe to grind, which seems to be trending as much as DHHs distro these days...
[dead]
[flagged]
You seem to be the one equating 'brit' to skin color.
Visual appearance is the main indicator to identify the perceived culture of some random person on the streets, so it's a justified assumption the writer was talking about this.
The only "Brits" native to Great Britain are White Brits. Visual appearance is a strong indicator.
How does he know who is "native brit" and who is not? Rhetorical question.
[dead]
No, really, DHH does that in the linked article.
> Chiefly because it's no longer full of native Brits. In 2000, more than sixty percent of the city were native Brits. By 2024, that had dropped to about a third. A statistic as evident as day when you walk the streets of London now.
I personally don't see how it could be "as evident as day" simply by walking around and observing without bringing skin color into it. Walking the streets of London doesn't reasonably include the activity of investigating the citizen status of everybody one sees so he's presumably not observing "native or not". And if he's not observing that, then it seems reasonable to think he's observing their skin color. At least, it does without him clarifying what he was otherwise observing.
But some of the words also link to a wikipedia article (https://en.wikipedia.org/wiki/Ethnic_groups_in_London) which doesn't actually support his point unless you look at numbers that explicitly concern race. More specifically, I can't find the race-agnostic numbers which corroborate the specific (approximate) numbers he gave. There's a "White British" row in a table that has a value of 36.8% for the 2021 census. It shows 59.79% for the 2001 census.
It's hard to compare strictly with citizenship using the numbers he linked to, which seems another reason to assume he was thinking in terms of skin color. On top of the fact that the wiki article is titled "Ethnic groups in London", which is not relevant to citizenship status, nor whether they "natively" got their citizenship. I mean, seriously, what evidence could he even be using to make the claim that a mere 1/3 of London's population is comprised of "native Brits", if we start with the assumption that it's not what he observed of others' skin color? (Not rhetorical despite the tone, please answer if you have an idea.)
The only "Brits" native to Great Britain are White Brits.
It has nothing to do with race, everything to do with ethnicity. Austrians are racially White, but are not native to London.
There's nothing wrong with promoting or protecting the interests of native or indigenous people over those of immigrants or foreigners.
We all know what dhh meant, dont play naive
$100 says this guy has a Bluesky account