Arch Linux is poorly designed
Arch Linux is poorly designed.
Yeah. There's a million reasons why Arch is just bad. I think before I say anything else I should preface this with my own experience with Linux.
I've got around four years of experience with Linux in the professional IT space, and over a decade working with it as a hobby. I've bounced between every distro, messing with stuff like Gentoo, Alpine, and NixOS. I'm an "advanced" user that makes minor contributions to the Linux space myself.
What I'm here to articulate is that not only is the entire "Arch paradigm" bad, but that the culture surrounding it is harmful and a fundamental anti-pattern for software usability.
No proper (GUI) installer is an anti-pattern
What do FreeBSD, OpenBSD, and Void Linux have in common? Proper installers. Each of them has at minimum a terminal UI that lets you do a basic installation, saving users hours of time. It's not normal to NOT have an installer for your operating system.
archinstall is a bundle of Python scripts that isn't really akin to a proper TUI, but it's an improvement over what we had before. Unfortunately, even it has the problem of not providing sane defaults either. No firewall, inadequate hardening, Python-related bugs... it's not enonugh.
GUI installers are ideal for EVERY Linux distro as an option. GUI installers are far better for accessibility reasons, and live ISOs are good design. When you're given a live environment, it is much easier to research things within a web browser, tweak your kernel, scrub through documentation, do meticulous partitioning jobs, and a million other tasks. Screen readers work much better and by default we accommodate those that have disabilities by default. Arch relying on the community to provide installers is bad design when the point of a distro should be to provide these things. They exist in better distros like Ubuntu or Fedora for a reason.
Tedious, easy to mess up tasks are an anti-pattern
ArchWiki being so "open" in terms of installation makes it extremely easy to overlook security features that most Arch Linux users neglect: firewall, encryption, and Secure Boot. Distros should offer sane security defaults that you can then disable if you don't need them. This is something a lot of distros struggle with and it's dissapointing. Even Debian to my knowledge still doesn't ship a firewall, and most distros besides Ubuntu and Fedora don't seem to particularly care about the security benefits of Secure Boot.
Users shouldn't be expected to learn how to maintain these things.
Rolling release without built-in stopgaps to prevent breakage is an anti-pattern
When you upgrade packages in Arch Linux, there are no stopgaps or protections to revert regressions built into the operating system. There's no filesystem hook that runs a snapshot by default, there's no mechanism in pacman to track breakages and roll them back. This is something crucial about rolling release distros that needs to exist because of how volatile they can be. openSUSE Tumbleweed has btrfs snapshots with its zypper package manager and you can boot into earlier generations it creates within GRUB. This exists by default outside of the user's intervention. The entire rolling release paradigm breaks if you don't have a system that is by default resilient against nasty bugs that crop up early.
The AUR is a malware honeypot
The Arch User Repository is convenient, but it is completely unvetted by maintainers. In practice, this means it hosts a fuckton of malware and broken builds. Tomorrow someone could easily push out a nasty bug to the AUR and because of how opaque most users process these things they can get bit by a nasty bit of malware that deletes their filesystem. All third party repositories operate with this kind of implicit trust, but with the AUR there's absolutely zero condom to protect you from the elements.
The AUR is BSD ports-like by having users build their own packages. That's fine (ignoring how there are binary packages on the platform), but what's not fine is how these builds are never checked for validity or whether or not they even build correctly in an isolated environment. I understand CI/CD and QA stuff is difficult and requires a lot of server resources, but it's something very desirable and important to have if you host a user repository. I should be able to check on a whim whether or not the package I'm installing or not even builds correctly on Arch Linux as of August 22nd.
openSUSE's Open Build System not only builds packages and provides binaries, but checks everything against its openQA system. Fedora's Copr repositories seem to work a similar way. Both of these are slightly safer than the literal hotbed of malware that is the AUR.
Everyone wants their OS to make decisions for them, they're just lying
Every distro makes a million decisions for their users. That's how a distro operates. The only difference is Arch offers vague choice to the user, enough to make them feel like they're in control. Debian succeeds because it makes sane decisions for the user that can be walked back if they don't want it, whereas Arch is in a weird space where some decisions are opinionated and others aren't.
Arch decides you must use systemd, it builds software with every flag enabled, and the default "base" and "base-devel" groups decide which software should be assigned to the user. This is not a Linux distro divorced from making decisions for users, it's deeply intimate with this idea. It's just confused about what it wants to be and sits in an awkward place where it's really helping no one.
The point of an operating system is to make certain hard decisions for the user that they don't even know exist. Arch Linux pretends to give its users that dynamic of choice and not go the extra mile by providing certain sane defaults.
If you disagree, let me know down in the comments.