Debian 12 … is amazing! How to: Create your custom codehouse [Part 1/4]

Demystifying Debian Linux Distro — it’s development evolution, philosophy, and misperception of it as “expert-only”

---

Ubuntu OS was the first Linux distro I tried, mainly for it’s renowned “user-friendliness”. After a couple of months, I realized I wasn’t satisfied and began tailoring my Ubuntu Desktop to my needs. Eventually, it seemed like I was trying to “un-ubuntu” it. Since Ubuntu OS is based on Debian, I wondered, why not try Debian instead?

There’s a widespread perception that Debian is for “intermediate” users with quite of knowledge in system administration. This perception might be reinforced when one decides to visit the official Debian website, which, in contrast to Ubuntu’s cute web interface, looks like a highly technical documentation. However, this is merely an initial impression.

My adventures with Debian OS started with studying exactly its official documentation. I have switched to Debian 12 seamlessly and tailored it for my coding needs. As a teaser, I will share my current Debian setup:

---

The purpose of this set of articles (4 parts) is to provide a step by step guide on how to customize Debian to make it look like on the pictures above. I aim to act somewhat as a proxy for official Debian documentation, refraining when I can from offering any “advice” how to do something without explanation of that action. I aim to demonstrate how step by step I installed and customized Debian 12 Bookworm (Stable release).

♠ Part 1: Before Installation.

This part is dedicated to the “philosophy” of the Debian distribution. It covers what Debian offers, how it packages software, the main releases besides the stable one, how to use Debian OS in a “Debian” way, and how to understand if Debian is a good match for you. The aim of this part is to demystify Debian for you. If you are worried that Debian is difficult to administer, that you will have to tinker with it to make it work, or that you will need to configure a lot of things manually to make it work, this article is for you.

♦ Part 2: Installation.

This part covers in detail each step of the Installation Process of Debian 12 with central focus on disk partitioning step, choosing filesystems for partitions, setting up of Logical Volume Manager (LVM).

♣ Part 3: Debian security mechanisms and how to administer system in a secure way

♧ Part 3A: Protecting your Debian against malware.

This section covers essential strategies for using your system in a way that minimizes its vulnerability to malware. I’ll discuss how safe Debian is against malware, how malware can actually infiltrate Debian, and the common ways this happens. I will address topics such as third-party software, permissions, antivirus tools, and secure browsing.

♧ Part 3B: Securing Debian against Network-Based attacks

This section addresses external threats, such as attempts by hackers to gain unauthorized access—how these attacks work and how Debian is, by default, secure against them. It covers post-installation network configuration, firewall settings, and system services with open ports.

♥ Part 4: Creating custom Desktop Environment for Debian 12

a process known as “Ricing”- a process in which one customizes a computer operating system to improve the look or operation of the system

---

This series of articles dedicated to Debian OS is written in my long-read style, thought for users who want a deep dive into the subject. It’s targeted at those who wish to understand how the operating system interacts with hardware and the kernel, gain a better understanding of the software you use every day, and learn about how to administer your system preserving its stability and security.

The Part 1 that you are currently reading may be considered as pre-installation guideline.

• It can help you to understand which Debian release is the best for you, and after reading it, you might even realize that Debian Linux Distro isn’t the best fit for you and you will not move forward to the installation.
• This part isn’t about user-friendliness or ease of installation, but rather the philosophy behind Debian distro and its comparison to some other Linux distros.

---

① Debian OS = “rock solid” stability and security. How is it achieved?

To start understanding and viewing the Debian Distro differently, I recommend starting with these reads: Reasons to use Debian and Debian Social Contract. Key takeaways:

Stability is a synonym of Debian. Security is one of the most important Debian features.
We will be guided by the needs of our users and the free software community.
The Debian Project is a Community.

To avoid confusion with the different names of Debian releases:

Debian releases are frequently referred to by names rather than numbers — like Buster (Debian 10), Bullseye (Debian 11), Bookworm (Debian 12), Sid (Current Unstable version), Trixie (Current Testing) — because each release has its own unique name. To keep track of these names, you might want to check out the list of Debian Releases.

Debian is renowned for being “rock solid” — stable and secure. I doubt anyone would not choose stability for their OS. However, you must truly understand how this high level of stability is achieved and at which cost.

①.① How high OS's stability can be achieved?

First, it involves ensuring compatibility among all components that contribute to the OS’s functionality, along with extensive and thorough testing for this compatibility. Such testing takes time — lots of time and effort. But what happens every day in the software world? New, updated versions of software and firmware are released constantly. Consider, for example, the NVIDIA display drivers release frequency:

NVIDIA developers release major or minor updates of their software roughly every three months. If Debian developers start to chase constantly updating drivers and race for the newest software packages, the stability of Debian OS will be not the same anymore. In the case of NVIDIA drivers, the drivers cannot be discussed in isolation because each version of them might introduce additional features and require more dependencies, which also need to be the latest versions, and sometimes these dependencies are as down as Linux kernel.

Constantly updating almost every component of Debian OS to have the latest version of everything, is not an option when you are aiming for stability. I’m not suggesting that this will definitely result in instability or break the entire OS, however, complete smooth integration of the newest version of software into an OS cannot be guaranteed in a very short time after it is released. For example, the functionality of graphics drivers can certainly be tested with small effort (i.e do I see broken graphics on my monitor: yes/no?), but a comprehensive test of how all the components of the drivers affect every other component of the system cannot be thoroughly conducted in a short time.

---

② Two approaches to release practices of Linux operating systems: Rolling development vs Point release.

You may have noticed that Ubuntu OS versions include labels like 20.x, 22.x, 23.x; Windows OS has versions like 8, 10, 11; and Debian versions include 11.x, 12.x.

Debian releases are frequently referred to by names rather than numbers — like Buster, Bullseye, Bookworm, Sid — because each release has its own unique name. To keep track of these names, you might want to check out the list of Debian Releases.

Then there’s Arch Linux, which simply goes by “Arch” — there are no versions like Arch 1, 2, 5, 10, etc.

Debian follows a point release practice, while Arch adopts a rolling development model.

Let’s start with point release approach. Debian 11 was released on August 14, 2021. Debian 12 followed on June 10, 2023 (the latest version as of now is Debian 12.6, but for explanation simplicity, I’ll focus on the major version release). What happened between these release dates? A lot of testing of new features. When the planned features that distinguish Debian 12 from Debian 11 were thoroughly tested and all software components reached peak stability, Debian 12 was released. This point release is often referred to as a frozen state of the system at a specific point in time (release date). Here is a schematic idea:

When a Debian version is released as “Stable,” it gets its own package repositories. For example, Debian 12 has its repositories which will not change except for security updates and critical fixes. Debian’s package management system apt (Advanced Package Tool) by default points to these repositories. Returning to the example of NVIDIA drivers, you might have read an announcement about a new NVIDIA driver release. However, when you try to install this version via the apt package manager that points to package repositories of Debian 12 stable release, you won't find it there. This is because, according to the scheme mentioned earlier, the latest version is outside the cube — frozen state of stable release.

I’ll briefly cover the Arch rolling development approach. When you install Arch, you’re essentially installing the latest version available at that time — think of it as a momentarily frozen state, possibly just for a day. Arch is heavily community-driven, ensuring that all packages are continuously updated to their latest versions. This approach makes Arch potentially less stable than Debian, but that doesn’t necessarily mean it is unstable. It simply maintains stability in a different manner.

---

③ Decide what you intend to do with your PC to choose the most suitable Debian Release (or even different Linux distro) for you.

If you plan using a stable Debian 12 release as if it was rolling development, you will face various obstacles and inconveniences. This isn’t because Debian developers don’t want you to do so, but because you need to understand what you are doing in detail. Debian developers have taken care of rock solid stability and security of your system for you. If you are advanced user, you can surely custom your Debian OS for your needs. But you have to keep in mind that in these cases stability of your OS is your responsibility and it depends a lot on your actions.

③.① Debian Stable vs Debian unstable vs Debian Testing

However, I do not want to discourage you to use Debian at all, because there is, of course, the Debian community, and you’re not alone in wanting to go beyond Debian’s stable packages to install SOMETHING more up-to-date. You can always find web guides from someone who has done what you want, or you can ask questions. The crucial word is SOMETHING — if you want EVERYTHING to be the latest version, you need an OS that follows rolling development approach. Even here, Debian has you covered! You can stay with Debian (I mentioned Arch before as an alternative, but if you used before only Debian-based OS before, the difference in system administration is remarkable) and enjoy a rolling development with Debian Sid, also known as Debian Unstable. Moreover there is Debian Trixie — Debian testing release. Read this for more details: Choosing a Debian distribution. Key takeaways:

Stable is rock solid. It does not break and has full security support. But it not might have support for the latest hardware.
Testing has more up-to-date software than Stable, and it breaks less often than Unstable. But when it breaks, it might take a long time for things to get rectified. Sometimes this could be days and it could be months at times. It also does not have permanent security support.
Unstable has the latest software and changes a lot. Consequently, it can break at any point. However, fixes get rectified in many occasions in a couple of days and it always has the latest releases of software packaged for Debian.

Users of the Unstable release are always on the cutting edge, using the latest software versions developed for Debian. When a new software version is released for Debian, Sid users begin using it. If they encounter bugs, they report them. If no bugs are reported within five days, the software version is moved to the Trixie testing release. There, it undergoes extensive testing. After the testing phase, and assuming all goes well, the newer software version eventually makes its way to Debian Stable — though this can take a while. Simplified scheme:

However, there is something more that Debian offers to its users, which falls exactly in a usage pattern when users want to update just some packages of Debian stable release — this approach is with using Debian Backports apt packages repository. I personally use this approach. Read this for more details: Debian Backports.

Backports are packages taken from the next Debian release (called “testing”) and unstable (in a few cases only, e.g. security updates), adjusted and recompiled for usage on Debian stable.
Backports cannot be tested as extensively as Debian stable, and backports are provided on an as-is basis, with risk of incompatibilities with other components in Debian stable. Use with care!

Key moment is that packages in Debian Backports repository are adjusted and recompiled for Debian Stable - they will run without new libraries (wherever it is possible) on a stable Debian Distro.

For example, imagine you’re using Debian 12 Stable release, and you would like to install PipeWire software (PipeWire is a server and API for handling multimedia on Linux). The Debian 12 Stable repository offers PipeWire version 0.3.6, while Sid or Trixie repositories have a newer version, 1.2.2. Although you could add the Trixie/Sid repositories to your apt sources, Debian developers strongly advise against this. Doing so might cause PipeWire to malfunction and disrupt multimedia management because it will pull in dependencies from Trixie/Sid, which may not be compatible with Debian Stable. This could lead to a cascade of broken dependencies across your system. Below there is a schematic illustration of what “broken dependencies” case is in practice.

Debian Backports provides a safer alternative. It allows you to install newer or unavailable packages on Debian Stable. Backport packages are taken from Debian Trixie (testing release) but rebuilt to work with Debian Stable, ensuring they depend on compatible versions from the Debian Stable repository.

However, even when using Debian Backports, you have to choose this option wisely. Returning to Debian “philosophy” and its distinctive stability, please read carefully: DontBreakDebian — Debian Wiki. Key takeaways:

Don’t make a FrankenDebian!
Debian Stable should not be combined with other releases carelessly. If you’re trying to install software that isn’t available in the current Debian Stable release, it’s not a good idea to add repositories for other Debian releases.

This advice is definitely to be followed if stability of your system is crucial — let’s say you use Debian Stable as an Operating System of servers where some crucial applications of yours are running. However, as in my case, I use Debian 12 as an OS on my personal PC and i am ok to take some risks and install something of my interest. And there are many ways to do it, some of them potentially more harmful and some of them less. If you install new software carelessly your Debian can easily become FrankenDebian:

Remark on private package repositories and compiling packages from source. The main problem with FrankenDebian isn’t just about installing a package, which could potentially be malware. The bigger issue as illustrated above is that installing one package can bring in many dependencies and require different versions. When you build packages from source, it may also require additional components, not just for running the software but also for building it. Adding private repositories to your package sources can, over time, result in your system being filled with bloatware or unnecessary software after updates and upgrades.

③.② Debian 12 (Bookworm): which installation image to use and where to get firmware and drivers.

I will be installing Debian using an installation image (.iso file). If something differs for you or something isn’t working, the answers can be found here. I too can make mistakes and may not always do things in the most correct way. However, following this guide —Debian bookworm — Installation Guide— is the most accurate method.

There are two options for choosing a right image (.iso file):

1. Standard Install: Available here, this image comes with all the packages needed for a standard user setup and can be installed without an internet connection.
2. Live Install: Found here, live installers let you test Debian by booting from a USB without installing any files to the computer. These images vary by desktop environments (DEs) like GNOME, KDE, Cinnamon, XFCE, etc. If you’re familiar with Ubuntu, you’ve likely used GNOME. You’ll need to research each DE independently, but if you choose the third installation option mentioned below, you can install and test multiple DEs at once (makes sense only for the purpose of testing and trying DEs)
3. Network Install or netinst: Located here, this minimal image contains just the minimal amount of software to install the base system and fetch the remaining packages over the Internet.

I’ll be using the network install for Debian because it allows me to install only the essential packages initially. At certain point of installation it scans my PC’s hardware and installs all necessary firmware.

A notable change of Debian 12 release is the addition of a package repository called “non-free firmware,” which contains non-open source firmware. For more details, see the Firmware — Debian Wiki. Key takeaway:

The Debian project took the decision in October 2022 to create a new repository component non-free-firmware, and include its content on installation media for the upcoming Debian 12 release (bookworm) to make things easier for our users.

So, starting from Debian 12 all installation images fetch the firmware not only from Debian stable package repo but also from repo non-free firmware. Please consult Debian Information on Hardware Compatibility.

NB!: Firmware and drivers are not the same things.

Firmware is embedded software that controls electronic devices and often operates at a low level, essential for device functionality.

A few firmware images are Free Software and Open Source but unfortunately almost all of them are non-free — that’s why they are located in the package repo non-free-firmware and are not added to Debian stable package repo (the word non-free does not mean that you will have to pay in some way for using installed non-free firmware).

Drivers mostly is not a “responsibility” of OS, but of Linux Kernel:

In the Linux world, the overwhelming majority of drivers is open source and often integrated to the Linux kernel source code once they are of good enough quality, so as long as your kernel version is recent enough, you’re probably good. If your kernel is older than your hardware model, you can expect problems. (Source)
Drivers in Linux in most cases are not written for a certain “product” or “brand” from a specific manufacturer, but for a certain hardware/chipset. Many seemingly different products/brands are based on the same hardware design; it is not uncommon that chip manufacturers provide so-called “reference designs” for products based on their chips which are then used by several different device manufacturers and sold under lots of different product or brand names.
When you install Debian 12 it will also install Linux Kernel (the latest version of it that is present in Debian 12 stable packages repo!) and Linux Kernel is supposed to fetch drivers for hardware devices identified on your machine.

NB! Hardware device → Device’s proprietary Firmware → Linux Kernel Driver for this device.

This part turned out to be longer than planned, but I hope it helped you better understand the Debian Distro. However, even if the points I raised have given you doubts about whether Debian is the right choice for you, you must definitely try it. It’s not uncommon for people to switch between various distros quite often to find one that suits them best. This is known as distro hopping, and you can check out a community dedicated to this, for example, on Reddit.

See you in the next part of this series where I will proceed with installation steps!