Design Philosophy

Core Philosophy

Ditana is built for users who:

• Value high configurability without the need to rely on the terminal, made accessible through a uniquely guided installation wizard.
• Believe in the importance of retaining control over security features, allowing them to decide which protections are most relevant for their own use.
• Prioritize transparency, appreciating detailed documentation of all installation steps through (1) help dialogs within the installer, (2) this website, and (3) the comprehensive READMEs across our Ditana GitHub repositories.

Our approach provides a robust security foundation without assuming which specific protections a user might deem excessive. While Ditana offers advanced security options, we trust the user to determine what is necessary and relevant for them. Unlike many systems that may silently disable or omit security options, Ditana fosters transparency and user agency by openly presenting these choices, respecting the user’s authority over their own security needs.

The project’s name derives from Ammi-Ditana, a Babylonian king known for his long, peaceful reign and focus on infrastructure improvement. This historical connection mirrors our commitment to:

• System Stability: Building upon Arch Linux’s robust foundation while ensuring long-term reliability.
• Continuous Enhancement: Regular updates and improvements without compromising system integrity.
• User Empowerment and Transparency: Providing detailed explanations for every configuration option, ensuring that users are fully informed when making decisions about their system’s behavior.
• High Security Standards: Offering secure defaults and comprehensive documentation without making assumptions about which security features may be irrelevant to users.

User Empowerment Through Informed Choices

Ditana prioritizes giving users full control over their system by providing comprehensive information and flexible options during setup. Instead of imposing static configurations without the user’s knowledge, Ditana’s installer offers detailed explanations and guidance, enabling users to make informed decisions about critical system settings. This approach not only enhances transparency but also empowers users to tailor their Linux experience according to their specific needs and preferences.

Examples

• Locale Settings: Users can choose between fully localized and partially localized setups, which is particularly beneficial for developers. Detailed explanations are provided during installation. Read more in the Locale Settings documentation.
• Optimal Logical Block Addressing Format for SSDs: Ditana detects whether the LBA format is optimal and offers an option to change it, something that traditional partition formatting doesn’t achieve. Users are guided through the benefits and consequences of this choice.
• Swap Partition, ZRAM, and SSD Longevity: Ditana offers comprehensive guidance on configuring swap, including support for ZRAM, which is enabled by default to enhance performance. For users who prefer not to use ZRAM, Ditana provides options to reduce swap usage to extend SSD lifespan. The installer transparently explains the advantages and potential impacts of each setup.
• Boot Initialization System: Users can switch from the default systemd to a BusyBox-based setup for the initramfs phase. This flexibility allows for alternative early boot strategies, while Ditana remains consistent in using systemd post-initramfs. All necessary configurations are robustly handled by the installer, with explanations provided about the differences between these systems.
• General Kernel Configuration: Users can access the General Kernel Configuration dialog to adjust kernel parameters that optimize system performance, security, and resource management.

High Security Standards

Ditana’s core design philosophy emphasizes transparency and user agency in making security-related decisions. Security features are enabled by default, and we avoid silently disabling or neglecting critical security measures. We provide users with the information and options they need to tailor their system’s security to their own requirements.

Key Security Features

• Detection of Available Security Mitigations: Ditana detects security vulnerabilities specific to your CPU and offers to activate mitigations that enhance the security of your system.
• Configurable Kernel Parameters for Security: Ditana enables specific kernel parameters such as init_on_alloc=1 (initialize newly allocated memory) and init_on_free=1 (clear deallocated memory). These measures prevent data leakage by ensuring that memory is securely wiped.
• Controlled Core Dumps: To enhance system security, Ditana disables automatic core dumps in the filesystem package. Clear instructions are provided on how to temporarily enable core dumps when needed.
• Linux Audit Daemon: Installed by default, the Linux Audit Daemon provides essential insights into system behavior and potential security issues using sudo aureport. It is specially configured to avoid queue overflow under conditions of limited CPU resources.
• Desktop Installation Security Features:
  • Arch-Audit-GTK Security Notifier: Enhances security awareness by displaying a tray indicator when security updates are missing, alerting users to take necessary actions.
  • Pikaur AUR Helper: Utilizes systemd dynamic users for building packages, enhancing security. Additionally, Pikaur leverages the AUR voting system to prioritize well-maintained and trusted packages, ensuring users install reliable software.
  • Kalu Upgrade Notifier: Informs users about available system updates and provides the latest Arch Linux News which often include security recommendations.

During the installation process, users are presented with detailed help dialogs that explain the implications of each security option. This guidance enables users to make well-informed, personalized security decisions. Whether installing a headless server or a desktop setup, Ditana ensures that security configurations are transparent and under the user’s control.

Consistent Package Management Approach

Ditana adheres strictly to using Arch Linux’s native package management system for all software installations. This approach contrasts with the increasing trend in other distributions of mixing multiple installation methods (such as Flatpak, Snap, AppImage, or executing downloaded shell scripts with elevated privileges). We believe that a unified package management strategy offers several benefits:

• System Coherence and Stability: By relying on the Arch Package Manager (pacman) and the Arch User Repository (AUR), Ditana ensures a consistent and transparent method for handling software installations, upgrades, and removals.
• Security and Integrity: A single package management system reduces the risk of conflicts, dependency issues, and unmonitored background updates, while centralizing control over software sources.
• User Empowerment: Users benefit from a simplified management experience, trusting that all software installations are handled using a well-documented, community-driven system.

For more details, see Why Arch?.

Emphasis on License Transparency

When choosing packages to install during the setup, Ditana always provides clear information about the licensing of each package. Respecting software licenses is crucial, and transparency in this regard ensures users are well aware of the legal implications. This is an area often overlooked by other distributions, which may assume that users are responsible for researching licensing information independently. We aim to provide a well-informed experience.

Avoidance of Special Configuration Tools

Ditana avoids shipping specialized configuration tools that often conflict with user-made adjustments to system configurations. Instead, all configuration options are centralized in the installer, where the system is in a well-defined state, ensuring reliable changes to settings. For more complex configurations, Ansible is utilized to maintain robustness.

No Live System Philosophy

Ditana does not provide a traditional live system, as the extensive configuration options available within the installer outweigh the limited benefits of a live environment. Instead, Ditana uses a highly customizable installation ISO to offer a comprehensive setup experience.

The installer employs text-based, pseudo-graphical dialogs (using the dialog utility) to guide users. This approach is particularly useful for headless server installations, where no graphical interface is available. Clear instructions are provided on using these dialogs with keyboard navigation, ensuring ease of use.

Final Note on Security and Usability Balance

Ditana’s overall goal is to provide users with the tools and information they need to configure their system securely and effectively. By avoiding hidden defaults and providing a wealth of documentation and context-sensitive help, we aim to offer an experience that is both user-friendly and professionally secure. Users are empowered to confidently tailor their system to their needs, with all decisions based on clear and structured information.