I’ve been doing some scouring and my search results are coming back confusing. Usually either incomplete information, or some kind of sales spam, so I’m reaching out in the hopes of recommendations for actual linux users and fans. I am looking for a very small, tiny even, security/privacy focused distro. I don’t mind doing some work to set it up (though LFS may kill me!)
Here is what I have.
- RAM: 2GB (yep. Seriously. None-upgradable).
- HDD: 20GB (say 19GB)
- Processor: Intel Celeron N3350 (2334Mhz average)
- GPU (hah): Intel HD Graphics 500 (Integrated)
Wishlist
- Graphical user interface (I appreciate it’s going to be very basic)
- Arch based (I love the AUR and pacman)
- Base runs on less than 512MB of RAM, Arch Linux is a minimum of 512MB.
The software I plan to run on said device, so to give some kind of guidance of how much RAM we’re working with.
- Tor Expert and Tor Browser bundles or Mull.
- Virtual machine (of some kind) with Whonix
- MariaDB
- RClone
- VLC/Smplayer (which ever is smaller)
- VPN client
- Rustdesk (I can’t find anything smaller than actually works)
- ZSnes
- SimpleX
- Deluge (DelugeD with thin-client)
- LibreOffice (until I can find a lighter alternative, but I need the BASIC capabilities).
Solution
Have a look at alpine.
For the DE, something very light is needed and I would use Wayland for security AND performance.
Problem: apart from RaspberryPiOS I know no dedicated lightweight wayland DE.
They use Wayfire, but one of these will work too.
Then for the apps, good luck running a Browser at that low.
You will need only system packages, nothing else. Might try Bubblejail for sandboxing without using Flatpak (disk space, RAM). But that is in pretty early stages.
For your apps
- you mean Mullvad Browser not Mull. Screw that, use Librewolf
- you will not run a VM on that hardware. These are VM guest specs, not host. You can run Carburetor flatpak, or maybe a minimalist podman container with tor for proxying. User namespaces, bubblejail and seccomp are also secure.
- VLC is not small. Use Celluloid or just MPV or even better just ffplay. Celluloid/Haruna/Dragon is minimal and has wayland support
- rustdesk? Client or server? There is wayVNC and KDE and GNOME have their suites. But they need static IPs. Rustdesk Server has no wayland support
- deluge, ktorrent, qbittorrent doesnt matter, all light. But stick to one GUI toolkit.
I think Qt can work, pcmanfm-qt is nice.
LXQt 6.1 will have “full” Wayland support, but you need to configure stuff in config files of course.
I dont know a modern Wayland ready GTK alternative to GNOME.
I would avoid Alpine if you have a older machine as the way Alpine packages the kernel can be hit or miss. The upside is that the Alpine kernel is fast and secure.
I usually use rustdesk on this smaller device to log into my main, which is a decidedly tough nut to otherwise get back to as it’s not on a static or exposed ip address. I’ve tried everything else, VNC cannot access my system, which is unfortunate.
Wayland is not a huge thing for me I can take it or leave it. I’m not expecting performance here for example gaming or such (beyond ZSnes which I swear would work on a suitably grown potato).
I had manjaro on the machine with operated at around 800MB, I was able to run Firefox and Rust desk on it, though I did have to trim some fat off Firefox to get that to work without setting the system into thrash mode.
All good tips!
If you want a secure system you need Wayland. X11 is extremely insecure, search on the internet and you find why.
But if you just need the VNC client no problem.
If you want a server, have a look at KRFB. But yes, needing static IPs suck. You could use a free DynDNS service like NoIP for that.
Trim down FF, like compile it yourself? That is for sure possible, you might want to use the ESR release to do that. You can leave out some things I suppose.
Just start with Alpine, which uses busybox and musl and is thus security focused and smaller.
Try a DE like LXQt, I will give it another go.
You can use it with X11 for now and replace the compositor in the future.
Some apps if you stick to just Qt (not that useful as Firefox will load in GTK stuff)
- qBittorrent / Deluge
- Haruna or Dragon
- podman container with tor, try torvirt (and just skip the virt-manager profile stuff) (it seems unmaintained though)
- SimpleX Appimage? Or instead of Alpine use Debian and then you can use the deb package but it was broken for me
- Calligra instead of Libreoffice.
Trim down is perhaps a strong work. I went in to heavily limit it’s performance capabilities, limit the amount of cache it could hold, number of threads it could use and so on. I also stripped out a lot of bloat like pocket and other features that if they couldn’t be removed I could turn them off.
AntiX uses IceWM which is much lighter than LXQt apparently. I haven’t yet tried Alpine so can’t compare the two. AntiX (64bit) barely uses 300MB RAM. AntiX by the way is based on Debian.
SimpleX now has a bin in the AUR, which I believe was made from a .deb file. Fk appimage and the horse it rode in on.
Does Calligra have BASIC capabilities?
Yes LXQt is simple the only light DE I know that will have Wayland support very soon. There are many others of course.
But you mentioned security, so that is that. Apart from an actual threat model which you didnt yet mention.
Compiling Firefox minimally vs just disabling it (like Librewolf does) is different.
Same with a custom Kernel with only the needed modules.
Forgot about BASIC, no idea never used it.
Fam, with al due respect, make up your mind; because, unfortunately, it’s not possible to keep up great security practices in conjunction with access to the AUR on a low powered system.
I’d argue that your best bet is probs Kicksecure. Though, I reckon you’ll have a hard time on a VM regardless.
This is fair and I am willing to look at other distributions. I looked at some of the commands for alpine linux and baulked, worst comes to worst I can alias things though.
I’ll take a look at it thanks.
Honestly I would go Debian Xfce4. I know you like arch but Debian is better for older machines. I run Debian on a old laptop with a Atom 32 bit CPU.
Arch isn’t good for security either
I think I’ll try to aim for a lighter DE but, sure wth it’s worth a shot.
Edit:
Debian is a bit high on the demands so I’ve done some digging and I’m taking a look at AntiX.
Quite a controversial take, but I think dietpi is a very solid choice, even for x86 PCs.
Well I have never tried it but from what I can tell it is a solid choice if you could care less about free software
Openbsd
Maybe Alpine is suited? Although the whonix VM requirement will not be pleasant or work at all. But that is more of a hardware limitation.
It’s in my pile in case AntiX falls through, it weighs in at only 300MB RAM base install.
Maybe try something with openbox? Bunsenlabs linux is a good example of what you can do with a window manager. I run it on a pentium m laptop (1 core) with 2 gb of ram. It’d be doable. (It originally had one 1 gb and I don’t think I even enabled swap).
Basically arch plus mimicking their UI would be a good starting point.
Or just use bunsenlabs 32 bit if your software has 32 bit versions. It will be a bit lighter from a memory standpoint.
Bunsenlabs is just slightly too heavy, I know some manage it, it depends on what you’re trying to do with it.
Tested or listed specs? I would recommend at least using the 32 bit version in other distros as well. It will be marginally lighter memory wise.
And I just remembered that my pentium m laptop has a dgpu. It’s very weak but just enough.
Unless if it’s a storage thing
Following the comments and response so far, I looked around quite extensively over a broad range of linux distributions. Arch, Alpine, Debian, even Gentoo booting them up and seeing what worked and what didn’t.
I found AntiX which appears to meet many of my requirements.
AntiX as a base install comes in at under 2GB HDD and 300MB RAM. By using lighter desktop environments I can push this down even further, admittedly sacrificing some usability.
It does not, sadly, have access to the AUR as it is Debian, however, there is the Sid repository, which I guess will have to do. It comes pre-loaded with RSync, LibreOffice and Firefox (which I will be booting shortly).
Even with the base of 300MB, I’m not sure I could manage to run Whonix through it, so I’m going to have to look at a different method to achieve my goals. If you have more RAM, this would be idea.
You can use LFS to… Install targeted-kernel Setup AUR/pacman as package manager Use a minimal DE if needed. Otherwise just use the x.org kiosk to start your applications without any de.
One sledgehammer coming up! Of course you’re exactly right, I had forgotten about LFS somewhat. It’s not for the fainthearted, it’s a one stop shop of how to linux like a boss.
This should get their slogan. Any linux should have this slogan :) Have fun on your endeavors!!
There’s always tinycorelinux for hardcore minimalists.
I can’t say about package support either - i’ve not used it enough, but theres a “dcore” extension that lets you acess debian repos.I’ve installed it on a potato easily enough - and I did find it to be astonishing for how small it is.
But I don’t use it day to day, or much at all, so i’m not going to endorse it.
It’s not necessarily the most user friendly. and some people might cal the gui slightly dated - persnally i did like that.So this is just make you aware of one of the lightest distros I know of (that is sort of usable out of the box)
Recommended: spec is 128mb ram and pentium2. min spec 46mb ram (maybe thats without the gui desktop environment)It’s possibly a bit lighter than antix - for some reason i never quite got on with either antix or mx - not sure why.
It most definitely is lighter than AntiX, it’s also on my list like Alpine should AntiX not work out. I don’t mind dated GUIs as long as it works. Many thanks.
- Use Arch as the Linux distro. Take advantage of its custom install to reduce the initial footprint.
- Use a lightweight desktop environment. An extreme example would be starting up OpenBox from
startx
but there are some others like LxQt that might work. - AbiWord/Gnumeric are still alive and you can use them instead of LibreOffice.
- You can use Mplayer from CLI as video player.
- Use Transmission or rtorrent instead of Deluge, they take up much less RAM.
- You can use X2Go instead of RustDesk, it forwards X over SSH; but it doesn’t have NAT traversal. Or you can use Tailscale for NAT traversal, which takes care of encryption too, and then you can use plain VNC for desktop viewing.
- Some of the stuff you listed are notorious RAM hogs, like VM, most relational databases, browsers. Good luck with that.
Arch linux is too big even as base. I’m currently using 64-bit AntiX which runs (base) half of what Arch-Linux does according to it’s own guide. It’s using IceWM (which is its heaviest DE). It took a while to investigate believe me, it’s also Debian so focuses more on security than Arch does (due in part to Arch’s bleeding edge status new vulnerabilities are being added all the time, they’re being fixed of course, it’s just a natural consequence of their methodology).
I don’t believe AbiWord or Gnumeric have BASIC capabilities?
Deluge takes up a tiny amount of ram, I’d recommend investigating the thin client mode. It’s smaller than Transmission for me. The non-daemonized client has a memory leak.
Thanks for the tip about X2Go. I’ll take a look.
Gonna trial ArchBang which looks like it’s supposed to run at around 500MB worth of RAM.
Could not even get it to install sighs
Btw, I’m actually very interested in a ‘review’ on the different distros meant to be used on a potato. Therefore, consider making a post in which you share your experiences with them. I would love to read it. Thank you!