The following sub-sections describe selected components of the Ditana installer.
The Installer
- 1: Desktop Applications
- 2: Multimedia Applications
- 3: AI Applications
- 4: Kernel Configuration
- 4.1: General Kernel Configuration
- 4.2: ZRAM related kernel configuration
- 4.3: CPU Vulnerability Mitigation Options
- 5: Comparison of File Systems
- 6: Storage & File System Options
- 7: Firmware
- 8: Development Tools and Libraries
- 8.1: Diffuse
1 - Desktop Applications
This category is only available if you have chosen to install a desktop environment during the Ditana installation process. It provides a carefully curated selection of applications that enhance your desktop experience while maintaining system efficiency.
For specific configuration options and advanced features of each application, please refer to their respective documentation pages linked above.
Office and Productivity
LibreOffice
LibreOffice is a comprehensive open-source office suite (LGPL-3.0-or-later) that serves as a powerful alternative to proprietary office software. It includes:
- Writer for word processing
- Calc for spreadsheets
- Impress for presentations
- Draw for vector graphics
- Base for database management
- Math for formula editing
The appropriate language pack for your system will be automatically installed, ensuring a localized working environment. LibreOffice provides excellent file format compatibility, including Microsoft Office formats, and supports a wide range of extensions for additional functionality.
Betterbird
Betterbird (MPL-2) is an enhanced version of the Thunderbird email client that addresses various limitations of the original software. Key improvements include:
- Multi-line view for better email organization
- Vertical tabs for efficient workspace management
- Enhanced sorting options for better email management
- Improved search capabilities
- Various bug fixes and performance improvements
Like LibreOffice, Betterbird automatically includes the appropriate language pack for your system.
Back In Time
Back In Time (GPL) provides a user-friendly approach to system backups. Notable features:
- Snapshot-based backup system
- Easy restoration of previous file versions
- Automatic backup scheduling through cron integration
- Simple but powerful interface
- Support for multiple backup profiles
Document Management
PDF Arranger
PDF Arranger (GPL-3.0-or-later) is a versatile PDF manipulation tool that allows you to:
- Merge multiple PDF files
- Split PDFs into separate documents
- Rotate and crop pages
- Rearrange page order
- Extract specific pages
- Modify PDF metadata
Xournal++
Xournal++ (GPL-2.0-or-later) is a powerful application for digital note-taking and PDF annotation. It excels in:
- Stylus-based input for natural writing
- PDF annotation and form filling
- Freehand drawing and sketching
- Journal keeping with mixed text and drawings
- Layer-based editing
- Custom toolbar configurations
System Utilities
Etcher
Etcher (Apache) is a reliable imaging utility that provides:
- Safe OS image flashing to SD cards and USB drives
- Validation of written data
- Support for various image formats
- Clean, modern interface
- Cross-platform compatibility
Bitwarden
Bitwarden (GPL3) is a secure password management solution offering:
- Encrypted storage for passwords and sensitive information
- Browser integration
- Secure password generation
- Cross-platform synchronization
- Two-factor authentication support
- Secure sharing capabilities
NoMachine
NoMachine (Proprietary - NoMachine EULA) is a high-performance remote desktop solution featuring:
- NX technology for efficient remote connections
- Low-latency audio and video streaming
- USB device forwarding
- File transfer capabilities
- SSH encryption for secure connections
- Cross-platform support
ZapZap
ZapZap (GPL3) is an optimized WhatsApp desktop client that provides:
- Lower CPU usage compared to browser-based solutions
- Direct image pasting functionality
- Native desktop integration
- Improved performance for long chat sessions
- Regular updates and security patches
Variety
Variety (GPL3) is an advanced wallpaper manager offering:
- Automatic wallpaper downloading and rotation
- Support for multiple online image sources
- Random quote display capability
- Image effects and filtering
- Customizable change intervals
- Event-based wallpaper switching
The Ditana installer configures it to
- Change the background image only every 3 hours
- Use only Bing and Unsplash image sources
2 - Multimedia Applications
This category is only available if you have chosen to install a desktop environment during the Ditana installation process. It provides a selection of powerful multimedia tools for both creative work and entertainment.
Each application can be further customized through its respective settings interface. For detailed configuration options and usage instructions, please refer to the linked documentation pages.
Graphics and Design
Inkscape
Inkscape (GPL/LGPL) is a professional-grade vector graphics editor that offers:
- Native SVG format support
- Advanced path operations
- Marker and clone management
- Alpha blending capabilities
- Extensive filter effects
- Professional typography tools
- Extension system for additional functionality
- Comprehensive export options
Pinta
Pinta (MIT) is a user-friendly raster graphics editor modeled after Paint.NET, featuring:
- Layer-based image editing
- Multiple adjustment tools
- Effect filters
- Drawing tools
- Simple and intuitive interface
- History management
- Basic photo retouching capabilities
MyPaint
MyPaint (GPL) is a professional drawing program optimized for digital artists:
- Pressure-sensitive input support
- Natural media simulation
- Custom brush creation
- Infinite canvas
- Layer management
- Stylus and tablet optimization
- Various artistic tools and brushes
Audio Production
Audacity
Audacity (GPL3/BSD) is a comprehensive audio editing and recording solution that provides:
- Multi-track audio recording
- Professional editing tools
- Plugin support for effects and analysis
- Various audio format support
- Noise reduction capabilities
- Spectrum analysis tools
- MIDI file import
- Recording from multiple sources
Entertainment and Streaming
Spotify
Spotify (Proprietary) provides access to a vast music streaming service:
- Extensive music and podcast library
- Offline playback capability
- High-quality audio streaming
- Collaborative playlist features
- Cross-device synchronization
- Personal recommendations
- Social sharing features
Performance Testing
UNIGINE Superposition
UNIGINE Superposition (Proprietary - UNIGINE Engine) is a comprehensive hardware benchmark tool that tests:
- Graphics card performance
- Power supply stability
- Cooling system efficiency
- System stress handling
- Real-time graphics capabilities
- Hardware compatibility
- Overall system stability
3 - AI Applications
This category is available for both desktop and headless installations, though some options are specific to desktop environments. All AI applications require CPU AVX support and will not be available on systems lacking this capability.
Security Focus: The AI packages listed below utilize a locally running AI API, which enhances privacy and security by processing data directly on your PC. This approach minimizes reliance on external services, ensuring that your data remains secure and under your control. However, if preferred, you have the option to switch to the OpenAI API.
For detailed configuration options and optimal settings for each tool, please refer to their respective documentation pages linked below.
Desktop-Specific AI Tools
The following tools are only available when installing a desktop environment:
Ditana Assistant GUI application
Ditana Assistant (AGPL-3.0-or-later) provides AI-powered system interaction through:
- Natural language interface for common terminal commands
- File operation assistance
- System query handling
- Basic troubleshooting support
- Desktop application launching
- Internet search capabilities
- Optional integration of Wolfram|Alpha for real-time data
In its default configuration, the assistant runs locally and prioritizes privacy by requesting confirmation before executing any command. You can easily configure it to use OpenAI models, see documentation.
Example screenshot, illustrating the seamless integration of real-time data from the Wolfram|Alpha API, which is automatically accessed as needed:
Logseq
Logseq (AGPL-3.0-or-later) is a powerful knowledge management platform that offers:
- Networked thought organization
- Daily journaling capabilities
- Task and project management
- Bi-directional linking
- Graph visualization
- Markdown and Org-mode support
- Local-first architecture ensuring data privacy
- Extensible plugin system
This Ditana-specific package extends Logseq with AI capabilities through:
- Pre-configured GPT-3 OpenAI plugin to make it use the local KoboldCpp instance
- AI-assisted note-taking capabilities
- Content generation features
- Knowledge synthesis support
This integration maintains privacy by leveraging your local KoboldCpp installation while providing the power of AI-enhanced knowledge management.
Example after pressing Ctrl+G on a Logseq note:
Stable Diffusion
Stable Diffusion (easydiffusion) provides local AI image generation:
- Text-to-image generation
- High-quality output
- Local processing
- Custom model support
- Various generation parameters
- Intuitive interface
- Progress visualization
Core AI Tools
Ditana Assistant Terminal Application
Ditana Assistant (AGPL-3.0-or-later) provides AI-powered system interaction through:
- Natural language interface for common terminal commands
- Terminal-based interaction methods
- File operation assistance
- System query handling
- Basic troubleshooting support
- Desktop application launching
- Internet search capabilities
In its default configuration, the assistant runs locally and prioritizes privacy by requesting confirmation before executing any command. You can easily configure it to use OpenAI models, see documentation.
Example session:
❯ ./ditana-assistant "What are the largest files in the current directory and below?"
find . -type f -exec du -h {} + | sort -rh | head -n 10
Execute above command? (y/n) y
364K ./packaging/arch/ditana-assistant-1.036-1-any.pkg.tar.zst
284K ./src/ditana-logo.png
284K ./packaging/arch/pkg/ditana-assistant/usr/share/ditana/assistant/ditana-logo.png
284K ./packaging/arch/ditana-logo.png
276K ./.git/objects/21/e3382f3ee049d91368ce79218cb4049bae6222
248K ./myenv/lib/python3.12/site-packages/__pycache__/bottle.cpython-312.pyc
248K ./myenv/bin/__pycache__/bottle.cpython-312.pyc
204K ./myenv/lib/python3.12/site-packages/pip/_vendor/rich/__pycache__/_emoji_codes.cpython-312.pyc
160K ./myenv/lib/python3.12/site-packages/pip/_vendor/pkg_resources/__pycache__/__init__.cpython-312.pyc
156K ./myenv/lib/python3.12/site-packages/pip/_vendor/idna/__pycache__/uts46data.cpython-312.pyc
Your Message ('enter' to quit): Which one of these are safe to delete?
It is important to exercise caution when deleting files, especially system files or files related to applications. In the list provided, the file that appears to be safe to delete without causing any major issues is:
./myenv/lib/python3.12/site-packages/pip/_vendor/idna/__pycache__/uts46data.cpython-312.pyc
This file seems to be a Python cache file and deleting it should not have a significant impact on the functionality of the application. However, it is always recommended to make a backup of the file before deleting it, in case it is needed later on.
See documentation for more examples.
KoboldCpp
KoboldCpp (AGPL-3.0-only) offers private, local AI chat functionality:
- Browser-based interface
- Pre-configured Gemma language model
- Text generation capabilities
- Code completion support
- Local web server implementation
- Privacy-focused design
- Suitable for both desktop and headless systems
Ditana installs it preconfigured with the Gemma language model. A desktop shortcut is installed to access it via its browser interface. This package is also used by the Ditana Assistant via the KoboldCpp API.
Development Tools
CodeGPT
CodeGPT is a development tool that integrates AI assistance into your workflow:
- Automated git commit message generation
- AI-powered code review capabilities
- OpenAI API integration
- Command-line interface
- Multiple model support
- Context-aware suggestions
- Integration with popular git commands
The Ditana installer configures CodeGPT to use gpt-4o-mini instead of gpt-3.5-turbo. As of October 2024, gpt-4o-mini is a factor of 20 cheaper than gpt-3.5-turbo: $0.150 / 1M input tokens. According to https://platform.openai.com/docs/models/gpt-3-5-turbo:
“As of July 2024, gpt-4o-mini should be used in place of gpt-3.5-turbo, as it is cheaper, more capable, multimodal, and just as fast. gpt-3.5-turbo is still available for use in the API.”
Note: Requires an OpenAI API key stored in ~/.shell.d/openai.sh
High-Performance Computing Libraries
A comprehensive suite of libraries optimized for AI/ML workloads and numerical computations:
Basic Libraries
- blas-openblas: Basic Linear Algebra Subprograms for matrix operations
- clblast: OpenCL BLAS library for GPU acceleration
- ocl-icd, opencl-clhpp: OpenCL standard implementations
- openmpi: High-performance message passing library
NVIDIA-Specific Components
When an NVIDIA GPU is detected:
- cuda: NVIDIA’s parallel computing platform
- cudnn: Deep Neural Network library
- opencl-nvidia: NVIDIA OpenCL implementation
- lib32-opencl-nvidia: 32-bit NVIDIA OpenCL support
- nccl: Multi-GPU/node collective communication
AMD-Specific Components
For AMD GPU systems:
- hipblas: ROCm BLAS library
- hip-runtime-amd: AMD’s compute interface
System Requirements
- CPU must support AVX instructions
- Adequate RAM (varies by tool)
- Sufficient storage space
4 - Kernel Configuration
Ditana provides access to advanced kernel configurations during installation. These settings allow you to optimize your system’s behavior according to your specific requirements. Each option has been carefully selected to provide meaningful improvements for specific use cases.
Default Configuration
Ditana enables certain kernel optimizations by default, carefully balancing performance, security, and usability. Specific defaults include:
- Parameters that optimize ZRAM (enabled by default in Ditana; like everything else, it can be switched off)
- Enforcing strict mitigations depending on hardware-specific CPU vulnerabilities
- Magic SysRq keys enabled for system recovery
- Memory-related optimizations based on available RAM
- Immediate OOM-killing for better system stability
- Unprivileged container support enabled
- Enhanced device initialization ordering
- Memory zeroing on allocation and deallocation
If you prefer to use the kernel’s default settings (which might be more suitable for specific workloads or when maximum compatibility is required), you can uncheck all options during installation.
4.1 - General Kernel Configuration
These kernel parameters are configured to optimize system performance, security, and resource management. You may choose to adjust these settings based on your specific requirements.
List of General Kernel Configuration Settings
Enable Magic SysRq Keys
Related kernel setting: kernel.sysrq 0 ⇨ 1
Enables the SysRq (commonly ‘Print Screen’) key for emergency recovery actions, such as Alt+SysRq+B to reboot.
Default: activated
Reduce Background Reclaiming of Filesystem Cache
Related kernel setting: vm.vfs_cache_pressure 100 ⇨ 50
Retains more filesystem metadata in memory for faster access, increasing RAM usage.
Default: activated if the system has more than 24 GB RAM.
Minimize Background Memory Compaction
Related kernel setting: vm.compaction_proactiveness 20/100 ⇨ 1/100
Reduces effort spent on memory compaction in the background, which may decrease CPU load at the cost of increased RAM consumption.
Default: activated if the system has more than 24 GB RAM.
Order Device Initialization & Power Tasks
Related kernel setting: fw_devlink ⇨ permissive
Facilitates the correct sequence of device initialization and power management tasks based on firmware information. This ensures stable system operation by prioritizing the initialization of supplier devices before consumers and managing power states effectively during suspend/resume cycles.
Default: activated
Allow Normal Users to Run Unprivileged Containers
Related kernel setting: kernel.unprivileged_userns_clone 0 ⇨ 1
This is crucial for running containers, such as Docker, in a more secure manner without granting users full root privileges. For example, a developer can run Docker containers for testing purposes without needing administrative access to the system.
Default: activated
Allow Normal Users to Access Performance Profiling Tools
Related kernel setting: perf_event_paranoid 0 ⇨ 1
This is particularly useful for developers who need to analyze application performance in a more secure way without needing full root privileges.
Default: activated
Automatically Fill Allocated Memory with 0
Related kernel setting: init_on_alloc 0 ⇨ 1
Increases security by zeroing out newly allocated memory.
Default: activated
Automatically Fill Deallocated Memory with 0
Related kernel setting: init_on_free 0 ⇨ 1
Aids in preventing data leakage by clearing freed memory.
Default: activated
4.2 - ZRAM related kernel configuration
ZRAM is enabled by default; you may disable it in the «Storage & File System Options» dialog. If you modify kernel settings that would degrade the performance of ZRAM (or, if ZRAM is disabled, the performance of a system without ZRAM), a warning is displayed when you confirm those kernel settings.
List of ZRAM related settings
Optimize swap file and ZRAM usage
Related kernel setting: vm.swappiness
If you have left ZRAM enabled (default), this setting changes the swappiness from the default of 60 to the recommended value of 180. If you have ZRAM disabled, this setting changes swappiness to 1, which conserves RAM for active applications to improve system responsiveness, but leaves less RAM available for kernel operations such as caching file system metadata and managing network buffers. Unchecking the setting will use the kernel default in all cases.
Default: activated if ZRAM is enabled, or otherwise if the system has more than 24 GB RAM.
Disable Zswap Cache Layer
Related kernel parameter: zswap.enabled=0
Disables Zswap’s intermediary cache, allowing direct use of swap devices like ZRAM.
Default: activated if zram is enabled
Disable Swap Readahead
Related kernel setting: vm.page-cluster 3 ⇨ 0
The system reads only one page at a time from swap, potentially reducing initial latency when accessing swapped-out pages. This is advantageous when using ZRAM, as ZRAM provides fast access to swap space. Reading only the required pages can improve performance without the overhead of prefetching additional pages.
Default: activated if zram is enabled
Disable Extra Memory Reclaim
Related kernel setting: vm.watermark_boost_factor 15000 ⇨ 0
This reduces reclaim activity during memory fragmentation when high-order memory allocations are less critical. This can optimize memory management for systems using ZRAM. Since ZRAM reduces the need for high-order memory allocations, the extra memory reclaim becomes unnecessary, improving overall performance.
Default: activated if zram is enabled
Maintain free memory
Related kernel setting: vm.watermark_scale_factor 10/3000 ⇨ 125/3000
Make the Kernel Swap Thread more aggressive in maintaining free memory. This helps prevent applications from entering direct memory reclaim, enhancing system responsiveness under memory pressure. This is particularly beneficial for systems with ZRAM, because it allows the system to better utilize ZRAM’s fast swap capabilities by maintaining more free memory and reducing allocation stalls.
Default: activated if zram is enabled
4.3 - CPU Vulnerability Mitigation Options
CPU Vulnerability Mitigation Configuration
In line with Ditana’s design philosophy, our distribution enables CPU vulnerability mitigations in High Security Mode by default. During installation, Ditana’s installer allows you to manage each detected CPU vulnerability individually, offering the option to maintain these enhanced security settings or revert to the default kernel configurations.
Default Kernel Settings vs. Ditana’s Mitigations
The default kernel settings provided by the Linux kernel developers strive to balance security and performance. However, these settings do introduce certain security vulnerabilities. Ditana prioritizes robust security by enabling mitigations that address these vulnerabilities without significantly impacting system performance. For most users, the performance implications of Ditana’s mitigations are negligible, while the security benefits are substantial.
Customization and Flexibility
We understand that some users may prefer to optimize their systems for maximum performance, even if it means accepting potential security trade-offs. To accommodate this, Ditana’s installer framework empowers you to adjust CPU vulnerability mitigation settings according to your preferences. Comprehensive explanations for each mitigation option are available through the installer’s Help button and detailed below.
Hardware-Specific Configuration
Please note that the application of these kernel settings is tailored to your specific hardware configuration. Ditana’s hardware detection system ensures that mitigation settings are applied appropriately based on the vulnerabilities relevant to your CPU model.
By choosing to adhere to Ditana’s default mitigation settings, you ensure that your system maintains a high level of security against known CPU vulnerabilities. We recommend keeping these settings enabled to protect your system, unless you have specific needs that justify adjusting them for performance gains.
Additional sources beyond kernel.org
After Installation
Mitigations often include disabling Hyperthreading (SMT) as a fallback. After installation, Ditana’s custom terminal header output displays the active mitigations. Note that only enabled mitigations are shown; any that remain disabled are omitted to keep the output concise. The output also states whether Hyperthreading (SMT) is enabled.
In addition, you can verify applied mitigations by running:
lscpu
To compare performance with and without mitigations, reboot, press e at the boot menu (GRUB), and edit the boot parameters. Remove the parameter associated with a specific mitigation for testing. The specific parameters for each mitigation can be found in the list below under “Applied mitigation.” Reboot and run your usual tasks to evaluate any performance impact rather than using synthetic benchmarks.
If you decide to disable a mitigation permanently, open /etc/default/grub in a terminal editor:
micro /etc/default/grub
Locate the GRUB_CMDLINE_LINUX_DEFAULT line, take a photo of it as a backup, and remove the desired parameters as you did before. Save with Ctrl+S (you will be asked for your password), then run:
sudo grub-mkconfig -o /boot/grub/grub.cfg
After reboot, these settings will persist. If an error prevents booting, use the GRUB boot menu to correct the parameters, then repeat these steps to apply the fix.
Disclaimer
The guidance here relies on the official CPU vulnerability documentation and kernel command-line parameter documentation. Different Ditana-supported kernels may exhibit variations from kernel.org defaults, with occasional complex side effects. Our testing shows these parameters to be effective across kernel versions. We invite you to submit a GitHub issue or join us on Discord to discuss any topic, including kernel parameterization.
In our experience, as developers often working with 100% CPU loads, setting “High Security” across all tested hardware has shown minimal performance impact, even with hyperthreading disabled. This may not apply to all workloads. If your activities benefit from adjusting Ditana’s defaults, please let us know; we aim to refine the installation wizard to accommodate specific hardware needs.
Ditana’s handling of the specific CPU vulnerabilities
Spectre Variant 2 (Branch Target Injection)
This vulnerability allows attackers to exploit speculative execution to access sensitive data. Enabling this option forces the kernel to apply full mitigations for Spectre Variant 2, potentially enhancing security.
For example, on a 12th Gen Intel(R) Core(TM) i9-12900T CPU (which is affected), running lscpu without this mitigation enabled shows:
Spectre v2: Mitigation; Enhanced / Automatic IBRS; IBPB conditional; RSB filling; PBRSB-eIBRS SW sequence; BHI BHI_DIS_S
With this mitigation enabled, lscpu reports:
Spectre v2: Mitigation; Enhanced / Automatic IBRS; IBPB always-on; RSB filling; PBRSB-eIBRS SW sequence; BHI BHI_DIS_S
On this specific CPU, the difference is that the Indirect Branch Prediction Barrier (IBPB) is applied consistently (always-on), rather than conditionally. For this CPU model, Hyper-Threading (SMT) remains enabled.
Identifier used to detect via lscpu | Spectre v2 |
Name of the mitigation in the settings | Enforce Spectre Variant 2 Mitigation |
Applied mitigation | spectre_v2=on |
L1 Terminal Fault (L1TF)
Affects Intel CPUs, allowing unauthorized access to data in the Level 1 cache. This option enforces full mitigation, which may involve more aggressive cache flushing.
Identifier used to detect via lscpu | L1tf |
Name of the mitigation in the settings | Enforce L1 Terminal Fault Mitigation |
Applied mitigation | l1tf=full,force |
Microarchitectural Data Sampling (MDS)
Allows attackers to sample data from CPU buffers. Enabling this enforces full mitigations and may disable Simultaneous Multithreading (SMT) if necessary.
Identifier used to detect via lscpu | Mds |
Name of the mitigation in the settings | Enforce MDS Mitigation |
Applied mitigation | mds=full,nosmt |
TSX Asynchronous Abort (TAA)
Affects CPUs with Transactional Synchronization Extensions (TSX). This option enables full mitigation and may disable SMT if required.
Identifier used to detect via lscpu | Tsx async abort |
Name of the mitigation in the settings | Enforce TSX Async Abort Mitigation |
Applied mitigation | tsx_async_abort=full,nosmt |
Meltdown (L1D Flushing)
Exploits speculative execution to read kernel memory. Enabling this forces the kernel to flush the Level 1 data cache to mitigate Meltdown.
Identifier used to detect via lscpu | Meltdown |
Name of the mitigation in the settings | Enforce Meltdown Mitigation |
Applied mitigation | l1d_flush=on |
MMIO Stale Data Vulnerabilities
Allows leakage of data from Memory-Mapped I/O. This enforces full mitigations and may disable SMT if needed.
Identifier used to detect via lscpu | Mmio stale data |
Name of the mitigation in the settings | Enforce MMIO Stale Data Mitigation |
Applied mitigation | mmio_stale_data=full,nosmt |
Retbleed (Cross-Thread Return Address Predictions)
A speculative execution attack that can leak return addresses. This option enables automatic mitigation and may disable SMT.
Identifier used to detect via lscpu | Retbleed |
Name of the mitigation in the settings | Enforce Retbleed Mitigation |
Applied mitigation | retbleed=auto,nosmt |
See Cross-Thread Return Address Predictions for the details on kernel.org.
Speculative Return Stack Overflow (SRSO)
Leads to speculative execution attacks via the return stack buffer. Enabling this applies mitigations and may impact performance.
Identifier used to detect via lscpu | Spec rstack overflow |
Name of the mitigation in the settings | Enforce SRSO Mitigation |
Applied mitigation | spec_rstack_overflow=ibpb spectre_v2_user=on |
Gather Data Sampling (GDS)
Affects AVX instructions. This option forces microcode mitigations or disables AVX if the microcode is unavailable.
Identifier used to detect via lscpu | Gather data sampling |
Name of the mitigation in the settings | Enforce Gather Data Sampling Mitigation |
Applied mitigation | gather_data_sampling=force |
Register File Data Sampling (RFDS)
Allows sampling of data from CPU registers. Enabling this activates mitigations to protect against RFDS.
Identifier used to detect via lscpu | Reg file data sampling |
Name of the mitigation in the settings | Enforce RFDS Mitigation |
Applied mitigation | reg_file_data_sampling=on |
See Register File Data Sampling (RFDS) for the details on kernel.org.
Not included CPU vulnerabilities
These vulnerabilities are not included in the Ditana installer, because the kernel performs maximum mitigation by default.
Spectre Side Channels: variant 1 (Bounds Check Bypass)
Identifier used to detect via lscpu | Spectre v1 |
iTLB multihit
Identifier used to detect via lscpu | Itlb multihit |
See iTLB multihit for the details on kernel.org.
SRBDS - Special Register Buffer Data Sampling
Identifier used to detect via lscpu | Srbds |
See SRBDS - Special Register Buffer Data Sampling for the details on kernel.org.
Speculative Store Bypass (SSB)
Identifier used to detect via lscpu | Spec store bypass |
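The "After Installation" check and the per-vulnerability tables above, as an added POSIX shell example that is not part of Ditana or its installer: it reads the sysfs files that lscpu reports from, applies the sysfs names and "Applied mitigation" parameters listed above, and flags anything the kernel still reports as vulnerable, anything mitigated only while SMT is on, and any Ditana parameter missing from the running kernel's command line. The sysfs layout (one file per vulnerability under /sys/devices/system/cpu/vulnerabilities, plus /sys/devices/system/cpu/smt/active) is the one documented on kernel.org; the --live flag and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of Ditana: audit the CPU vulnerability state the
# kernel exposes in sysfs and compare it with the parameters Ditana applies
# in High Security Mode. Run "sh audit.sh --live" on a real system; the
# functions also accept constructed directories and strings (see the test).
#
# Assumed layout (kernel.org sysfs ABI): one file per vulnerability holding
# a line such as "Not affected", "Vulnerable...", or "Mitigation: ...", and
# smt/active holding 0 or 1.

# sysfs file name -> parameter(s) from the Ditana "Applied mitigation" rows.
# An empty right-hand side means the kernel already mitigates fully by default.
DITANA_PARAMS='spectre_v2:spectre_v2=on
l1tf:l1tf=full,force
mds:mds=full,nosmt
tsx_async_abort:tsx_async_abort=full,nosmt
meltdown:l1d_flush=on
mmio_stale_data:mmio_stale_data=full,nosmt
retbleed:retbleed=auto,nosmt
spec_rstack_overflow:spec_rstack_overflow=ibpb spectre_v2_user=on
gather_data_sampling:gather_data_sampling=force
reg_file_data_sampling:reg_file_data_sampling=on
spectre_v1:
itlb_multihit:
srbds:
spec_store_bypass:'

# Succeed if the kernel command line $1 contains the exact word $2
# (so "mds=full" does not count as "mds=full,nosmt").
cmdline_has() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Succeed if the smt/active file $1 reports 1.
smt_active() {
    [ -r "$1" ] && [ "$(cat "$1")" = 1 ]
}

# Print one finding per line for vulnerabilities directory $1 and command
# line $2. Findings: the kernel still reports the CPU as vulnerable; a
# mitigation is active but SMT keeps the sibling thread exposed; a Ditana
# parameter is absent (kernel default in effect). Files the running kernel
# does not know about are skipped.
audit() {
    dir=$1
    cmdline=$2
    while IFS=: read -r name params; do
        file="$dir/$name"
        [ -r "$file" ] || continue
        state=$(cat "$file")
        case "$state" in
            "Not affected"*) ;;
            Vulnerable*)
                printf '%s: kernel reports "%s"\n' "$name" "$state" ;;
            Mitigation*"SMT vulnerable"*)
                printf '%s: mitigated, but SMT is on: "%s"\n' "$name" "$state" ;;
            Mitigation*)
                missing=""
                for p in $params; do
                    cmdline_has "$cmdline" "$p" || missing="$missing $p"
                done
                [ -z "$missing" ] ||
                    printf '%s: kernel default in effect, not on cmdline:%s\n' "$name" "$missing" ;;
            *)
                printf '%s: needs review: "%s"\n' "$name" "$state" ;;
        esac
    done <<EOF
$DITANA_PARAMS
EOF
    return 0
}

if [ "${1:-}" = "--live" ]; then
    audit /sys/devices/system/cpu/vulnerabilities "$(cat /proc/cmdline)"
    if smt_active /sys/devices/system/cpu/smt/active; then
        echo "SMT: active (parameters ending in ,nosmt would switch it off)"
    else
        echo "SMT: off or unsupported"
    fi
fi
```

An empty report from audit means every vulnerability the kernel knows about is either not applicable to the CPU or mitigated with the parameter Ditana expects on the command line.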
Mitigation Reduction Options
In addition to the specific CPU vulnerability mitigations, Ditana provides options to reduce or disable mitigations globally. Please note that using these options can significantly increase the security risks associated with your system.
Disable Intel BTI Mitigation - Security Risk! Undocumented! (ibt=off)
This option disables the Intel Branch Target Injection (BTI) mitigation. Warning: This is an undocumented kernel parameter and is generally not recommended. Despite its widespread use and often being set as a default without explicit communication, disabling BTI can expose the system to security vulnerabilities.
The primary purpose of BTI mitigation is to protect against certain speculative execution attacks by enforcing Control-flow Enforcement Technology (CET) Shadow Stack. More details can be found in the CET Shadow Stack documentation.
Usage Warning: Disabling BTI mitigation may expose your system to potential security threats. It is advised to keep this mitigation enabled unless you have a specific, justified need to disable it.
Disable All Mitigations - Security Risk! (mitigations=off)
This option differs from disabling all mitigations that Ditana offers, because it disables all mitigations that the kernel offers. Warning: Disabling all mitigations poses a high security risk and is strongly discouraged unless absolutely necessary for specific use cases.
By setting mitigations=off, the system will not apply any of the available mitigations for known CPU vulnerabilities, potentially exposing the system to various speculative execution and side-channel attacks.
For more information, refer to the Kernel Parameters Documentation.
5 - Comparison of File Systems
File system selection is a critical aspect of operating system design and user experience. While Windows relies on NTFS with continuous TRIM, and macOS uses APFS—often benefiting from seamless integration with Apple hardware—Ditana GNU/Linux prioritizes efficiency with ZFS or BTRFS using noatime, weekly TRIM, and zstd compression. By striking a balance between reduced write operations, optimized compression, and controlled TRIM intervals, Ditana GNU/Linux aims to minimize overall system load and extend SSD lifespan.
Criterion | Windows (NTFS, Continuous TRIM) | macOS (APFS, Continuous TRIM) | Ditana GNU/Linux (ZFS or BTRFS with zstd, noatime & Weekly TRIM) |
---|---|---|---|
TRIM Frequency | Continuous | Continuous (for Apple SSDs; manual enable for third-party SSDs) | Weekly |
Compression | Limited or Optional | Limited (APFS offers space sharing and snapshots but minimal compression) | Enabled with zstd-3 |
Access Time Tracking | Enabled (updates access times on every access) | Enabled by default (similar to traditional atime behavior) | Disabled (noatime reduces unnecessary write operations) |
Write Volume | Higher due to Lower Compression | Moderate due to Limited Compression and Access Time Updates | Significantly Lower due to Effective Compression and noatime |
Garbage Collection Efficiency | High due to Continuous TRIM | High for Apple SSDs with Continuous TRIM; variable for third-party SSDs | Slightly Lower, but Efficient through Batch TRIM |
System Load | Higher due to Continuous TRIM Operations and Access Time Updates | Moderate to High due to Continuous TRIM and Access Time Tracking | Lower due to Scheduled TRIM Operations and noatime |
Total Usage | Higher due to More Write Operations | Moderate due to Balanced Write Operations | Significantly Lower due to Reduced Write Operations and Optimized Settings |
SSD Lifespan | Lower due to Higher Total Usage | Moderate; better than Windows but dependent on SSD type | Longer due to Lower Total Usage and Optimized Write Operations |
6 - Storage & File System Options
In this dialog you can configure various storage and filesystem settings to optimize your system’s performance, durability, and security. This guide provides detailed information on each available option.
1. Disable File Access Time Recording
Enable the noatime option when mounting the root file system to prevent the recording of the last access time of files. This configuration offers several benefits:
- Performance Improvement: Reduces the overhead associated with updating access times on each file read operation, leading to faster file system performance.
- Reduced Wear on Storage Devices: Minimizes write operations, which is particularly advantageous for SSDs by extending their lifespan.
- Optimized for Btrfs: Enhances snapshot performance by reducing the number of write operations required during snapshot creation and management.
- Enhanced Security: Prevents exposure of file access patterns, reducing potential information leakage.
Considerations:
While noatime is beneficial for most users, it can be disabled if specific applications rely on access time information.
2. Install ZRAM
ZRAM is enabled by default to optimize memory usage by creating a compressed swap space in RAM. This setup offers several advantages:
- Memory Optimization: Efficiently uses available RAM by compressing unused memory pages, allowing more applications to run simultaneously.
- Reduced Wear on Storage Devices: Decreases the reliance on swap space located on SSDs or HDDs, thereby extending their lifespan.
- Enhanced System Responsiveness: Improves performance under memory pressure by providing a faster swap solution compared to disk-based swap.
- Automatic Management: Managed by the zram-generator, which configures and activates ZRAM without requiring manual setup.
Considerations: Only consider disabling ZRAM if you are certain that the system will not encounter high memory demand.
Additional Notes:
- With a Swap Partition:
  - If a swap partition is configured (e.g., $SWAP_PARTITION GiB), ZRAM will create an additional compressed swap layer. This compressed swap is utilized before accessing the SSD or HDD swap space to further reduce wear.
- Without a Swap Partition:
  - If no swap partition is configured, the system will rely solely on ZRAM to handle swap needs efficiently, utilizing compressed memory to manage occasional high RAM demand.
3. Make a RAM Disk Available
This option allows you to create a dedicated RAM Disk mounted within the user’s runtime directory ($XDG_RUNTIME_DIR) and symlinked to $HOME/RAMDisk. Key features include:
- User-Exclusive Temporary Storage: Provides a clean space for temporary data, separate from system files like $XDG_RUNTIME_DIR and /tmp.
- Controlled and Secure Access: Accessible only to the user, ensuring that temporary data remains private and secure.
- Easy Integration: Set up with the $RAMDISK environment variable for convenient reference in the terminal.
Ideal Use Cases:
- Fast Temporary Storage: Suitable for tasks that require quick read/write operations, such as video processing or caching.
- Automatic Cleanup: The RAM Disk integrates with the file manager on desktops and clears automatically upon logout, ensuring that temporary data does not persist unnecessarily.
Kernel Configuration Adjustments
Enabling certain options may modify kernel settings to ensure optimal performance:
- ZRAM Installation:
  - Modifies kernel settings related to swap management to ensure that ZRAM operates efficiently.
  - If ZRAM is enabled, specific kernel parameters are adjusted to balance performance and storage usage.
- Without ZRAM:
  - Kernel settings are adjusted to ensure that the system functions optimally without ZRAM, maintaining performance without the compressed swap layer.
These adjustments can be reviewed under the General Kernel Configuration section.
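As an added example (not code from the Ditana installer), the following POSIX shell functions check the three settings described above against constructed /proc/mounts and /proc/swaps content: noatime on the root mount, ZRAM swap ranked ahead of a disk swap partition, and a user-private RAM disk under $XDG_RUNTIME_DIR symlinked to $HOME/RAMDisk. The device names, sizes and priorities in the samples are constructed.

```shell
#!/bin/sh
# Added example, not Ditana installer code: verify the storage settings
# described above against constructed /proc/mounts and /proc/swaps content.

# Constructed /proc/mounts sample: root on Btrfs with noatime and zstd.
SAMPLE_MOUNTS='/dev/nvme0n1p2 / btrfs rw,noatime,compress=zstd:3,subvol=/@ 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,relatime,size=1638400k,mode=700,uid=1000,gid=1000 0 0'

# Constructed /proc/swaps sample: zram0 outranks the swap partition, so it is used first.
SAMPLE_SWAPS='Filename Type Size Used Priority
/dev/zram0 partition 8388604 0 100
/dev/nvme0n1p3 partition 16777212 0 -2'

# Print "yes"/"no" if mount point $2 in mounts content $1 has option $3, "absent" if not mounted.
mount_has_option() {
    printf '%s\n' "$1" | awk -v mp="$2" -v want="$3" '
        $2 == mp { found = 1; n = split($4, o, ",")
                   for (i = 1; i <= n; i++) if (o[i] == want) { print "yes"; exit }
                   print "no"; exit }
        END { if (!found) print "absent" }'
}

# Print the priority of swap device $2 from swaps content $1 (empty if absent).
swap_priority() {
    printf '%s\n' "$1" | awk -v dev="$2" '$1 == dev { print $5 }'
}

# Print "yes" if /dev/zram0 has a higher priority than every other swap device,
# i.e. the compressed swap is used before any SSD/HDD swap space.
zram_used_first() {
    printf '%s\n' "$1" | awk '
        NR > 1 { if ($1 == "/dev/zram0") z = $5 + 0
                 else if (!seen || $5 + 0 > m) { m = $5 + 0; seen = 1 } }
        END { if (z != "" && (!seen || z > m)) print "yes"; else print "no" }'
}

# Create a user-private RAM disk directory under the runtime dir $1 (a per-user
# tmpfs on systemd systems) and symlink it to $2/RAMDisk; print the directory.
setup_ramdisk() {
    mkdir -p "$1/RAMDisk" "$2" && chmod 0700 "$1/RAMDisk" \
        && ln -sfn "$1/RAMDisk" "$2/RAMDisk" && printf '%s\n' "$1/RAMDisk"
}
```

On a live system, pass "$(cat /proc/mounts)" and "$(cat /proc/swaps)" instead of the samples, and "$XDG_RUNTIME_DIR" "$HOME" to setup_ramdisk.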
7 - Firmware
Currently, the firmware packages are hard-coded, so the user has no option to change them. The settings.json includes a component “firmware” that lists the installed packages. Firmware that requires additional logic, like b43-firmware, is placed into separate components.
Currently, these are:
- b43-firmware - Firmware for Broadcom B43 wireless networking chips
- linux-atm - Drivers and tools to support ATM networking
- linux-firmware - Basic firmware packages
- linux-firmware-marvell - Firmware for Marvell devices
- sof-firmware - Sound Open Firmware
- wireless-regdb - Central Regulatory Domain Database
If you need additional packages for your system, or your system needs additional configuration, please open a GitHub issue.
8 - Development Tools and Libraries
8.1 - Diffuse
Diffuse is unfortunately not as widely used as tools like Meld, KDiff3 and P4Merge. While these alternatives offer slightly different functionalities in their diff capabilities, Diffuse excels in its merge functionality.
Diffuse supports n-way merges and displays all versions involved in the merge process. In contrast, Meld does not display the base version, which can be crucial for resolving complex merge conflicts. Additionally, Diffuse allows for manual alignment of lines, which is important when code blocks have been moved and simultaneously modified. The merge view in Diffuse may require some getting used to, as it presents four side-by-side windows:
- A: The local version
- B: The merged version (the one you work on)
- C: The remote version
- D: The base version
For comparison, KDiff3 (which also allows manual alignment) displays four windows as well. However, the result window B is positioned below the “supplier” versions of the files, similar to Meld and P4Merge. Meld does not show the base version, and in P4Merge, the controls for resolving merge conflicts can be somewhat unintuitive. Neither Meld nor P4Merge allow for manual alignment of lines.
To resolve a merge conflict in Diffuse, navigate between differences using Ctrl+Down and Ctrl+Up. In the resulting file B, you will see the text that Git itself generates in the event of a conflict (unlike other tools). For example:
<<<<<<< HEAD
`kora-yellow-icon-theme` is used by ditana-config-xfce on Ditana GNU/Linux.
=======
`kora-yellow-icon-theme` is used by [ditana-config-xfce](https://github.com/acrion/ditana-config-xfce) on Ditana Linux.
>>>>>>> 8a5933f8aba535f7265111ec806f91d6107f3ab6
In this example, a merge conflict occurs because this line was modified in two places: both in the local version A (which added “GNU/”) and in the remote version C (which added a link).
In such cases, the approach is similar to other merge tools: choose either A or C to resolve the merge conflict and manually incorporate changes from the other version in the merge editor. To do this:
- Select the conflicting lines using Ctrl+Down or Ctrl+Up.
- Choose “Copy Right Into Selection” (Ctrl+Left) if you want to adopt C (the remote version), which is the quicker option in the example above, or choose “Copy Left Into Selection” (Ctrl+Right) if you prefer to adopt A (the local version).
- Double-click the area in B that you wish to edit, make the necessary changes, and then press the Escape key.
- Close Diffuse, which will prompt you to save your changes.
Afterwards, confirm the successful merge in Git with git commit (Git message: use "git commit" to conclude merge).
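The same resolution as a command-line walk-through, added here as an example and not part of Diffuse or Ditana: take_side keeps one side of each conflict hunk (C, the remote version, as “Copy Right Into Selection” does), and resolve_example then applies the manual edit that re-adds the “GNU/” from A. The conflicted text is a constructed copy of the hunk shown above.

```shell
#!/bin/sh
# Added example, not Diffuse or Ditana code: resolve the conflict hunk above
# by taking C (remote) and then re-applying the change A made by hand.

# Constructed copy of the conflicted file content as Git writes it.
CONFLICTED='<<<<<<< HEAD
`kora-yellow-icon-theme` is used by ditana-config-xfce on Ditana GNU/Linux.
=======
`kora-yellow-icon-theme` is used by [ditana-config-xfce](https://github.com/acrion/ditana-config-xfce) on Ditana Linux.
>>>>>>> 8a5933f8aba535f7265111ec806f91d6107f3ab6'

# Keep one side of every conflict hunk in $1: $2 is "ours" (A, above =======)
# or "theirs" (C, below it). Lines outside hunks are passed through unchanged.
take_side() {
    printf '%s\n' "$1" | awk -v side="$2" '
        /^<<<<<<< /            { in_ours = 1; next }
        /^=======$/ && in_ours { in_ours = 0; in_theirs = 1; next }
        /^>>>>>>> / && in_theirs { in_theirs = 0; next }
        in_ours   { if (side == "ours")   print; next }
        in_theirs { if (side == "theirs") print; next }
        { print }'
}

# The manual step from the text: start from C (which has the link) and add
# the "GNU/" that A introduced, giving a line that carries both changes.
resolve_example() {
    take_side "$CONFLICTED" theirs | sed 's/on Ditana Linux\./on Ditana GNU\/Linux./'
}
```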
Why Ditana Chooses Diffuse
While there are several merge tools available, Ditana has chosen to include Diffuse due to its superior merge capabilities, particularly its support for n-way merges and comprehensive version display. These features make Diffuse especially effective for handling complex merge conflicts that other tools may struggle with. Additionally, Diffuse’s ability to align lines manually ensures that developers can manage intricate code changes with greater precision. Although Diffuse’s merge interface may take some time to get accustomed to, its robust functionality provides significant advantages for development workflows in Ditana.