A Word on Omarchy
101 comments
·October 22, 2025mtlynch
pizzooid
This seems pretty valid if true:
Moreover, the entire Omarchy ecosystem is held together by often poorly written Bash scripts that lack any structure, let alone properly defined interfaces. Software packages are being installed via curl | sh or similar mechanisms, rather than provided as properly packaged solutions via a package manager. Hansson is quick to label Omarchy a Linux distribution, yet he seems reluctant to engage with the foundational work that defines a true distribution: The development and proper packaging (“distribution”) of software.
antonyh
Because it's opinionated? So maybe there are scripts that use sudo, and perhaps he needs more than 3 tries to fat-finger his password?
Personally, my opinion, I use sudo, and if I take more than 3 goes then I deserve a timeout to get my act together. Anyway, 10 attempts isn't enough to brute-force a decent password, and if bruteforcing is a concern then add 2FA codes or hardware.
There's more serious concerns in the article though - the part about the screensaver / hyprlock? That's just security theatre.
Foxboron
What about just ignoring package signatures?
https://github.com/basecamp/omarchy/blob/master/default/pacm...
Fire-Dragon-DoL
That was my feeling.
I find somewhat ironic that he calls out the security aspect of it without considering the audience.
I feel the tracking for advertising is a lot more a security issue than it is the chances of somebody brute forcing a laptop password
wltr
I’m all in for opinionated software, but not in the cases it is made by people… (if not vibe-coded, lol) by incompetent people. That’s what the article is about if you were to read it longer than you mentioned. Great that you are the top comment, summarises this community for me.
neeeeeeal
Agree with this 100%. The article reads as a super gatekeepy “he made different choices than me so I’m going to trash it and him” piece. The author’s perspective seems to be “how dare he use bash scripts! REAL programmers use system level languages”. Come on buddy.
Author claims there is no structure to the project but one look in the GitHub repo says there clearly is. Also, how many users will now try Arch (or Ubuntu via Omakub) as a result of this? If the answer is a positive number and DHH wants to put his time and weight behind it, that’s a good thing.
ethersteeds
I'll admit I read only the summary linked at the beginning, so I surely skipped over minutae that might have lost me. That said, I disagree with this and gp: the conclusion strikes me not as gatekeepy but reasonable and humane to inexperienced users:
> In fact, it is Omarchy that complicates things further down the line, by including a number of unnecessary components and workarounds, especially when it comes to its chosen desktop environment. The moment an inexperienced user wants or needs to change anything, they’ll be confronted with a jumbled mess that’s difficult to understand and even harder to manage.
> If you want Arch but are too lazy to read through its fantastic Wiki, then look at Manjaro, it’ll take care of you. [...]
> On the other hand, if you’re just looking to tweak your existing desktop, check out other people’s dotfiles and dive into the unixporn communities for inspiration.
That strikes me as very fair. I don't think it's gatekeeping to say that setting users up with a "distro" that eschews package management for a pile of curl|sh invocations is a bad idea for which there are much better approaches.
wyclif
That commentary proves that the guy doesn't get it or is being a willfully obtuse hater. One of the big reasons people have been gravitating toward Omarchy is because they don't want to spend hours ricing or tweaking their desktop, they want to be getting shit done after a sub-15 minute install. And Omarchy does that very well. That's what omakase and "opinionated" mean.
mexicocitinluez
>This is such a reflexive and petty critique. How many real world security breaches happened because a login prompt that requires physical access limited to 10 tries instead of the "more cautious" limit of 3?
God, this comment is funny to me. This is pulled straight from this website (https://learn.omacom.io/2/the-omarchy-manual/93/security)
> Omarchy takes security extremely seriously. This is meant to be an operating system that you can use to do Real Work in the Real World. Where losing a laptop can’t lead to a security emergency.
lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password? Especially since it's not vetting that actual security of the password itself?
How many times does your bank allow you to type in the wrong password? Is it 10? Cmon.
mtlynch
>lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password? Especially since it's not vetting that actual security of the password itself?
It should, but anything below 100 guesses or so is kind of fine, unless the attacker knows you and has good guesses about your password.
Let's be generous and assume a six character password of all lowercase letters. That's 26^6 possible passwords. That's 3x10^8 possible passwords.
3 guesses means that you have a 0.000001% chance of guessing the password, whereas 10 guesses means your chances are 0.0000032%. Are you worried about a 0.0000022% difference?
The odds are slightly scarier if you limit it to English words, but I still doubt that 3 vs. 10 has any meaningful difference in practical terms.
OGWhales
I'm not seeing why 10 is so significantly worse than 3... How big of a difference is that, really? I believe it took something like 6 failed attempts for my bank to lock me out.
aragilar
But why change the default? Is this in the top 10 things you would do after installing your distro of choice?
To me, this indicates a lack of judgement around what should be prioritised, which is reflected across the many issues the post raises. Naturally judgement is an acquired skill, which novices lack (and which they gain through experience and guidance), but given the big names associated with the project, that doesn't reflect well on their other projects.
yjftsjthsd-h
> lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password?
I will absolutely say that a distro making that claim should not worry about the difference between 3 and 10 password attempts on sudo (i.e. when you're already logged in).
> Especially since it's not vetting that actual security of the password itself?
Yes, that should be fixed. But it's a separate matter.
mexicocitinluez
> Yes, that should be fixed. But it's a separate matter.
Sure, because the complexity of your password and the amount of times you get before you're locked out historically don't effect each other lol.
chinathrow
Why is this flagged?
I'm a long term Linux user (since 2003) and I have a brand new Lenovo Thinkpad X1 13th Gen sitting here with a blank boot medium and I have to decide what to install as an OS now. Ubuntu again? Fedora maybe due to more recent drivers? Omarchy due to - why not?
That article helped - the flagging? Not so much.
Kon5ole
> Why is this flagged?
Probably the juvenile title-altering script that could get people in trouble depending on where they’re from.
mexicocitinluez
> Why is this flagged?
Because there are a lot of DHH fanboys on this site.
It's a tad ironic that critiquing the OS of one a guy who thinks he's fighting for "free speech"* gets flagged. lol.
*He doesn't know what free speech actually is as evidenced by his support of Trump and Elon.
mfro
The gap this fills is simple: those who just want a flashy arch installation to post on socials. These people have no concerns about quality because they haven’t used Linux extensively and aren’t using their OS for genuine work.
pinkgolem
I want something that works out of the box, i normally use Mac, but for my private machine I switched to omarchy.
Much nicer configuration then fedora/Ubuntu for productivity.
And be assured, i have not posted a single screenshot anywhere.
mfro
There are numerous other, much more professional and vetted distributions that will better serve you. If you had read the article you’d not be making this comment.
pinkgolem
The author mentions two, i tried both.
Non work as good as omarchy for my very light web development needs at home.
Starts with very simple things, like podman with its improved security getting in my way, or copy paste not working the same in all apps and terminals.
I unfortunately have not a lot of time, between my familie, friends, hobbys and job.
Tbh the reduced/sensible security is most likely one of omarchys selling points.
And who gives a duck about 15gb?
troupo
As always, there are some nebulous "processional" and "vetted" (by whom) distirbutions that will serve "better" (what is the definition of "better")? And it's always a different set. The article doesn't even pretend to qualify why the distributions it picked are better. It even goes as far as saying "If that’s still not to your liking, maybe explore something completely different." and links to distrowatch, as if that's helpful
null
sph
/r/unixporn type distro for Hacker News types that just decided to move away from Windows/macOS
They’ll move to something serious like vanilla Arch, Debian or Fedora soon enough
wyclif
I've installed and used vanilla Arch from scratch on at least three different machines, but this time around I wanted Arch on a ThinkPad but didn't want to spend a few hours configuring and ricing it to my liking.
Omarchy scratches that itch.
phplovesong
Also the tech-influencers like tj and primeagen hyping this hard. I sometime wonder when out industry went to shit. Its all AI slop and hype influencers these days.
mickeyp
What a ridiculous attempt at gatekeeping. People like you are the reason why regular people shun so many communities --- including Linux.
I have used linux since red hat 5.0 in the 1990s, and I think this distro is a great idea. If it helps people switch to libre/free software, then that is a good thing indeed.
zahlman
People who need "help" to switch, from what I've seen, are realistically going to care more about the included DE/WM than anything else. Any number of distros offer Windows-migration-friendly options like Cinnamon (and bundle popular software like LibreOffice, even if there are better alternatives and even forks). And the newcomers really do need to get used to a well-thought-out package manager rather than training to curl | sh all the things.
skydhash
For a new user that would prefer a familiar DE, linux mint and elementary is a good choice. If you’re willing to learn a new OS but wants to start quick, I would recommend Fedora.
Anything else is better suited when you have opinions about the ecosystem.
mfro
I’m not gatekeeping. This is something I have seen time and time again. I have no animosity towards these people, I am glad to see more people working with Linux, but it is a fact that they are not concerned about the quality of the software they run. That’s why they’re running Omarchy.
pityJuke
Is this a deeply petty article? Yes. Is it wrong? I can’t see anything indicating that.
Either way, I appreciate the opinionated and researched review. It was a good read, and certainly highlighted some of the ways Omarchy is… odd.
(Also, the JavaScript is annoying, especially when reading on a phone which backgrounds the tab when you lock it…)
zahlman
> After initially downloading the official ISO file, the first boot of the system greets you with a terminal window informing you that it needs to update a few packages. And by “a few” it means another 1.8GB. I’m still not entirely sure why the v3.0.2 ISO is a hefty 6.2GB, or why it requires downloading an additional 1.8GB after installation on a system with internet access. For comparison, the official Arch installer image is just 1.4GB in size.
That is interesting.
I would respect the article a lot more if it spent words on actually investigating things like this, rather than repeated nitpicking.
donatj
I really just dislike the tone of this.
The author is remarkably negative without actually trying to help anything. The globbing is borked on some shell scripts in a very young Linux distribution? Submit a pull request rather than writing a blog post.
And then the tab changes its name to something dumb when you leave to try to get you to disable JS.
They're mad things come pre-installed. They're mad things don't. They just like being mad.
Dudes got the vibe of a cat.
freehorse
He does try to help though, he points users to actual linux distributions they recommend.
wyclif
OK, I have to admit I cracked up and lost it at "Dude's got the vibe of a cat." That's such a great line with such rich, pointed meaning packed into only a few words.
slig
Besides the gatekeeping, "imperfect" and "unserious" tools can be valid so that people try the thing. "Do your research and try elsewhere" hasn't worked so far, has it?
stephaner
Very detailed and solid analysis of Omarchy project.
I don't understand why the link is now [flagged] by HN?
freehorse
Flagged already? People do not really like critical opinions in here.
mickeyp
It is so sad to see so many people -- including the article, to an extent -- and also people in the comments cast shade on this distro and the people who may try Linux either for the first time, or perhaps one more time, because they tried and failed to switch before.
Calling it flashy is an especially amusing critique. You couldn't kick your way through the 90s and 2000s without the endless parade of semi-transparent terminal windows running on various shades of windowmaker, enlightenment, kde, etc. all to show off how much more advanced the graphics pipeline and customisation was compared to Windows or Mac at the time. So this is hardly a new thing.
Let's hope this distro picks up steam; that it helps convert people who are fed up with Apple and Microsoft to another way of doing things. Arch + hyprland is a fine place to start.
timeon
I think many people have problem with the project because it is from alt-right environment.
null
throwawaypath
>I think many people have problem
"There are dozens of us! Dozens!"
>because it is from alt-right environment.
No it's not.
wyclif
If you seriously think DHH and collaborators are "alt-right", you haven't met many alt-right people.
timeon
Sure there is spectrum. I witnessed more extreme stuff during early 90s in Eastern Europe but still...
mexicocitinluez
You have no clue what you're talking about.
https://world.hey.com/dhh/europeans-don-t-have-or-understand...
The guy who glazes JD Vance, the 1000000% alt-right Vice President who doesn't care about literal Nazis infiltrating his party is probably part of the alt-right.
lol go back to 4chan
mexicocitinluez
> You couldn't kick your way through the 90s and 2000s without the endless parade of semi-transparent terminal windows running on various shades of windowmaker, enlightenment, kde, etc. all to show off how much more advanced the graphics pipeline and customisation was compared to Windows or Mac at the time. So this is hardly a new thing.
What does this even mean with respect to the article?
paulglx
This blog pranks you with changing titles when you switch tabs (some nsfw), then welcomes you back with a paragraph inciting you to disable Javascript. That's nice, but I actually need Javascript in my browser to do real stuff.
sorcercode
got to admit, as a prank it's pretty funny.
fwiw, it's trivially easy to block javascript per site today with uBlock Origin. Firefox + UBlock Origin really is the panacea of a de-shittified web.
chinathrow
Indeed - and the author goes on to show a screenshot of Google Trends which, I'm sure, won't work without JavaScript turned on.
bloppe
It's like 3 lengthy paragraphs that don't even get to the point until the end. The writing wasn't particularly good in the first place, so I just closed the tab when I saw that.
zahlman
That's what NoScript is for, so you can whitelist the things that need it.
Do modern browsers even still offer the built-in option to disable JavaScript unilaterally?
matltc
Chrome does
slightwinder
More important: Why does that person mobs people for using javascript, but then only displays an ugly trashy side when you disable it?
mattbettinson
Holy that is so funny
manmal
I felt just a tiny bit violated by that. Why does this person care about whether I have JS enabled? What’s the term for author’s affliction? Militant techno-minimalism?
The cynicism is also pretty strong, in the first call-out, asking HN audience to jump to the TLDR, because?
slig
Yes, I remembered that other nut-case that shows a NSFW image if the HTTP referrer is from HN.
boesboes
f'ing annoying and pretentious.
srid
I've found Pop!_OS 24.04 beta, with COSMIC, to be more suitable for my preferences than Omarchy. You get the best of both worlds -- hybrid tiling experience. You can toggle between tiling (like Hyprland) and regular desktop environment (like GNOME).
These criticisms all feel very nitpicky and subjective. So many of them seem to boil down to, "this is an opinionated configuration, but their opinions differ from my opinions."
This part was where I stopped taking the article seriously:
>Moreover, taking into account that the system relies heavily on sudo (instead of the more modern doas), and also considering that the default installation configures the maximum number of password retries to 10 (instead of the more cautious limit of three), it raises an important question: Does Omarchy care about security?
This is such a reflexive and petty critique. How many real world security breaches happened because a login prompt that requires physical access limited to 10 tries instead of the "more cautious" limit of 3? And do you even care about security at all unless you limit to the even more cautious limit of 2?