TL;DR It's simpler to just use one distro's packages, the distro isn't as stable as it could be, and it's probably one of the least secure distros out there. I'd personally add that managing packages from so many sources could probably get confusing and chaotic.
I disagree with your TL;DR in a number of ways. That's not at all an attempt
to put you down; rather, it means I didn't word things properly, as they didn't
come off the way I had intended it to. I'd like to throw out some corrections
here to avoid potential future misunderstandings, then I'll head over to the
FAQ to see if I can rephrase it to clear things up.
It's simpler to just use one distro's packages
This is absolutely true.
the distro isn't as stable as it could be
This is because it's still in beta. There's nothing inherent about it to
necessarily make a 1.0 release any what lacking in stability. If anything,
it's the opposite: Bedrock Linux is naturally resilient to things that would
take more traditional distros down. For example, if your init system breaks on
a traditional distro you're in trouble; with Bedrock Linux, you can just boot
with the init from another distro.
and it's probably one of the least secure distros out there.
That's not necessarily the case. Bedrock Linux has the highest attack surface
potential. If you install a bunch of things from a bunch of distros, you'll
have a higher chance that some package has a security issue in it. If you
restrict yourself to only getting stuff from more tested/stable and hardened
distros, a Bedrock Linux install could easily be more secure than most other
distros out there. Doubly so if you go out of your way to do things like set
up Mandatory Access Control mechanisms. It's just Bedrock Linux gives you the
option to shoot yourself in the foot by getting stuff from wherever, while
other more limited distros get some security benefits as a side-effect of the
fact they don't let you shoot yourself in the foot quite as easily.
I'd personally add that managing packages from so many sources could probably get confusing and chaotic.
In practice I don't think it's that bad. It's not terribly different from,
say, using pip or
rubygems in addition to the native
package manager. However, it is to some degree more confusing than it would be
otherwise and is worth adding to the FAQ entry.
Again, not necessarily on you that the FAQ wasn't clear about these things.
I'll do what I can to fix them up.
yo you guys did a great job at making it stable, i've been using it for a few weeks now and it is very flawless (except idk all the default logins into any stratums when booting but my own and void, which for some reason has no users and no passwords, but that saved me when I messed up my fstab so I will not complain). I didn't even know bedrock linux existed for 9 years already
yo you guys did a great job at making it stable, i've been using it for a few weeks now and it is very flawless
Happy to hear it!
(except idk all the default logins into any stratums when booting but my own
A core idea with Bedrock is that it's one system, just with parts from various distros. You're not logging into different strata, you're logging into a single Bedrock Linux system using the login component of different distros.
It should be the same login credentials irrelevant of which stratum's /sbin/login is used.
One possible explanation for why you might be having difficulty is that whichever stratum you used to set your account's password used a password hashing algorithm that the others don't recognize/support. This is rare in my experience as most distros all recognize the same set of password hashing algorithms these days, but I recently had a drive-by report of such an issue hitting someone else as well so maybe some distro is using some newfangled algorithm.
As root, open up /etc/shadow. You should see lines in there corresponding to every user account. Don't share those lines - those are your (obfuscated) your passwords. The second :-separated field will probably start with something like $x$ where the character(s) between the dollar signs indicates the hashing algorithm used. The line format is documented in man 5 crypt which covers the options.
If you can report back with:
The character(s) between the $'s indicating the hashing algorithm used
Which distro you used to set your password (probably whichever one you hijacked)
Which distro logins you tried which didn't let you log in even though it seems like you used the correct password
it'll help me chase down and nag distros to update their password hashing algorithm support.
Assuming I'm right about what the issue is, you can probably just use a more widely supported hashing algorithm. Try strat <stratum> passwd to use a different distro's passwd to (re)set your password. It'll hash it with an algorithm it supports. Most likely, it's an older one that all the other distros will support as well.
and void, which for some reason has no users and no passwords, but that saved me when I messed up my fstab so I will not complain).
I have no idea why that would be. I've never experienced that nor do I recall anyone else reporting such a thing.
I didn't even know bedrock linux existed for 9 years already
It was already some years old when this reddit thread was started. From the FAQ:
When did Bedrock Linux start?
Bedrock development officially started on the 9th of June, 2009.
The first internal release occurred 2011.
The first public release occurred the third of August, 2012.
bsilvereagle@reddit
Bedrock Linux is pretty unique.
magicjamesv@reddit
The description almost sounds like what would be the perfect distro for a lot of people. There has to be a catch. What's the catch?
mszegedy@reddit
http://bedrocklinux.org/faq.html#why_not_use_bedrock
TL;DR It's simpler to just use one distro's packages, the distro isn't as stable as it could be, and it's probably one of the least secure distros out there. I'd personally add that managing packages from so many sources could probably get confusing and chaotic.
ParadigmComplex@reddit
Disclaimer: I'm the head of the project
I disagree with your TL;DR in a number of ways. That's not at all an attempt to put you down; rather, it means I didn't word things properly, as they didn't come off the way I had intended it to. I'd like to throw out some corrections here to avoid potential future misunderstandings, then I'll head over to the FAQ to see if I can rephrase it to clear things up.
This is absolutely true.
This is because it's still in beta. There's nothing inherent about it to necessarily make a 1.0 release any what lacking in stability. If anything, it's the opposite: Bedrock Linux is naturally resilient to things that would take more traditional distros down. For example, if your init system breaks on a traditional distro you're in trouble; with Bedrock Linux, you can just boot with the init from another distro.
That's not necessarily the case. Bedrock Linux has the highest attack surface potential. If you install a bunch of things from a bunch of distros, you'll have a higher chance that some package has a security issue in it. If you restrict yourself to only getting stuff from more tested/stable and hardened distros, a Bedrock Linux install could easily be more secure than most other distros out there. Doubly so if you go out of your way to do things like set up Mandatory Access Control mechanisms. It's just Bedrock Linux gives you the option to shoot yourself in the foot by getting stuff from wherever, while other more limited distros get some security benefits as a side-effect of the fact they don't let you shoot yourself in the foot quite as easily.
In practice I don't think it's that bad. It's not terribly different from, say, using pip or rubygems in addition to the native package manager. However, it is to some degree more confusing than it would be otherwise and is worth adding to the FAQ entry.
Again, not necessarily on you that the FAQ wasn't clear about these things. I'll do what I can to fix them up.
Schimmeltoast08@reddit
yo you guys did a great job at making it stable, i've been using it for a few weeks now and it is very flawless (except idk all the default logins into any stratums when booting but my own and void, which for some reason has no users and no passwords, but that saved me when I messed up my fstab so I will not complain). I didn't even know bedrock linux existed for 9 years already
ParadigmComplex@reddit
Happy to hear it!
A core idea with Bedrock is that it's one system, just with parts from various distros. You're not logging into different strata, you're logging into a single Bedrock Linux system using the login component of different distros.
It should be the same login credentials irrelevant of which stratum's
/sbin/loginis used.One possible explanation for why you might be having difficulty is that whichever stratum you used to set your account's password used a password hashing algorithm that the others don't recognize/support. This is rare in my experience as most distros all recognize the same set of password hashing algorithms these days, but I recently had a drive-by report of such an issue hitting someone else as well so maybe some distro is using some newfangled algorithm.
As root, open up
/etc/shadow. You should see lines in there corresponding to every user account. Don't share those lines - those are your (obfuscated) your passwords. The second:-separated field will probably start with something like$x$where the character(s) between the dollar signs indicates the hashing algorithm used. The line format is documented inman 5 cryptwhich covers the options.If you can report back with:
$'s indicating the hashing algorithm usedit'll help me chase down and nag distros to update their password hashing algorithm support.
Assuming I'm right about what the issue is, you can probably just use a more widely supported hashing algorithm. Try
strat <stratum> passwdto use a different distro'spasswdto (re)set your password. It'll hash it with an algorithm it supports. Most likely, it's an older one that all the other distros will support as well.I have no idea why that would be. I've never experienced that nor do I recall anyone else reporting such a thing.
It was already some years old when this reddit thread was started. From the FAQ: