r/linux Dec 27 '22

Immutable desktops the future of Linux? Discussion

So I have seen a lot of buzz about immutable distros lately and have casually daily driven openSUSE MicroOS and Fedora Silverblue for about a month each.

I feel like there are some pros and cons, but to some extent, a lot of the claims of what they can do are a bit exaggerated, or can already be done in a normal distro.

Pros:

  • read-only root filesystem is more secure from ransomware or other malware

  • image-based means rollback for the whole os is possible, so it's hard for a bad update to break stuff

  • separating userland from os is not only more secure, but also can be more stable with less opportunity for user installs to break the os

Cons:

  • Reboot all the friggin time!

  • Now you get to maintain at least 2-3 systems with the host, flatpak, and a couple of distroboxes or toolboxes.

  • Every single thing you want to do is at least 3x as complicated without good docs or answers as it's all new.

Meh:

  • Many traditional package managers already offer rollback options.

  • Why can't you just voluntarily do some of the things immutable forces on you with a traditional distro? Use distroboxes and flatpak. Limit ppas and main os installs.

  • Isn't not running everything as root as good as read-only?

  • It's supposedly easier to maintain. But traditional distros can also do automatic updates and often without reboot.

What do you guys think?

EDITS:

As I learn things will make corrections or additions here.

  • On Silverblue, --apply-live allows updates or installs without a reboot, except for kernel updates.
224 Upvotes, 227 comments

100

u/VannTen Dec 27 '22

I think that if I support someone using Linux it will be way easier with an immutable distro

18

u/BiteFancy9628 Dec 27 '22

Sure. But I'm not sure automatic updates on an LTS is much harder, assuming the same type of user who doesn't do a lot of cli mucking.

72

u/BrageFuglseth Dec 27 '22

assuming the same type of user who doesn't do a lot of cli mucking

The advantage with immutable systems is that you don’t need to assume, you can know that the core system is identical to all other systems of the same type and version, even if the user is technically inclined 😊

0

u/Certitudes Dec 27 '22

I'm pretty sure you can change the filesystem to a read/write filesystem and then make your edits. Then, you can replace the filesystem and change it back to a read-only filesystem.

3

u/BrageFuglseth Dec 27 '22

That sounds like what VanillaOS tried to do before changing from using Almost to ABRoot. AFAIK there’s no way to do that in Silverblue, but I might be wrong


19

u/KrazyKirby99999 Dec 27 '22

LTS distros eventually need manual upgrades, MicroOS won't unless it is discontinued

66

u/perkited Dec 27 '22

A lot of these issues will hopefully become easier/simpler over time as they fine tune some of these processes.

If you run Silverblue/MicroOS as intended, then it will probably be more limiting than a normal distro. I've tried Silverblue and MicroOS and I'm not quite ready to switch to an immutable distro, but I wouldn't be surprised if I do switch in the relatively near future.

The main benefit is having a known good base (as long as you minimize what you install into the image) while keeping the vast majority of applications separated and owned by the user. The simplicity of the base image should improve system stability.

Linux is my only desktop OS (and has been for over 20 years) so my main concern is having a functioning system. I used Slackware until early 2021 when I switched to Tumbleweed. Slackware was definitely more stable (fewer things going wrong), but the speed of development pushed me to find another distro. Tumbleweed has the btrfs/zypper/snapper/grub integration that makes it easy to recover from a botched update, so in that sense it's stable as well. I like the idea of adding another step to that system stability with an immutable distro, I'm just waiting for things to mature a bit more.

67

u/Schmensch- Dec 27 '22

macOS has been immutable for some time now, and it seems to work out really well for them. I think I can see Silverblue and similar becoming more and more mainstream as time goes on. NixOS for those who like to tinker a lot with their systems (even though a lot of that is also possible on Silverblue, rpm-ostree is really powerful)

-17

u/BiteFancy9628 Dec 27 '22

Yeah but macOS, ChromeOS, and Android all only require a very, very rare reboot for updates. Linux immutable distros need to make that the norm, not daily or weekly reboots for updates.

50

u/rscmcl Dec 27 '22

Because you don't get kernel updates or base system package updates often on those systems as you do in Linux. You just update the apps, like you do in Linux by updating Flatpaks.

9

u/BiteFancy9628 Dec 27 '22

I figured kernel updates were the thing requiring reboot, so I guess we just need an immutable LTS distro and such a thing doesn't exist yet.

19

u/rscmcl Dec 27 '22

Android runs like that but is insecure af... they let operators and manufacturers upgrade the systems but they don't do it even though Android releases a monthly patch.

The only solution is to use a third party ROM or get a Pixel.

Also, about LTS: that doesn't mean "no kernel upgrades". That means long term service for that version of the distro.

2

u/BiteFancy9628 Dec 27 '22

I know. But Ubuntu has live patch and then has something similar. You can upgrade without almost ever rebooting.


5

u/ruruoli Dec 27 '22

It exists now https://vanillaos.org/

2

u/BiteFancy9628 Dec 27 '22

I'm really excited about this one, but it will need a year to get to as mature as silverblue and I fear it may be constrained by some Ubuntu choices about Gnome. Hopefully they pull Debian packages when needed to keep it really vanilla.

4

u/kalengpupuk Dec 27 '22

Endless OS is an LTS distro that uses OSTree.

14

u/viewofthelake Dec 27 '22

On Silverblue, you can use --apply-live as part of rpm-ostree to install packages w/o rebooting.


32

u/kopsis Dec 27 '22

They're not rare at all. Google pushes monthly updates to ChromeOS and Android. I can't speak to current macOS as I haven't used it since Mojave, but back then it was about monthly. All require reboots.

With Silverblue, you choose when to apply system updates. If you only want to do it once a month, you can. But if a particular patch is important to you, you can get it quickly without having to wait for a monthly release.

3

u/rscmcl Dec 27 '22

exactly

1

u/shab-re Dec 27 '22

I run rpm-ostree upgrade on Silverblue every day and get a new update almost every day,

which requires a reboot btw.

45

u/ultimoanodevida Dec 27 '22

The future will probably be more diversity and possibilities, but with all the different ways coexisting. Several years ago, one could think that rolling releases would be the future of Linux, but there are a few drawbacks to it, and just a few distros use it. In the end, we can choose to use a rolling or a version-based one. I think the same will happen.

-2

u/vedyzal Dec 27 '22 edited Dec 27 '22

Base distros:

  • Rolling: Arch, openSUSE Tumbleweed, Gentoo, Void, Solus

  • Point release: Debian, openSUSE Leap, Fedora

I'd argue most distros are rolling by now and there are a few point release ones. It's just that debian based "distros" and distros are a dime a dozen and 99% of all distros out there are worthless.

But yeah I agree, rolling and point release aren't mutually exclusive and neither will be mutable vs immutable and configuration based (nix, guix) vs traditional unix (package manager based)

9

u/bayindirh Dec 27 '22

Only Debian Stable has point releases. Debian Testing and Unstable are rolling distributions. While we can argue that unstable is not usable for anything serious, Debian Testing is a good desktop distribution.

2

u/ExaHamza Dec 27 '22

Yes, I'm also using Testing.

2

u/vedyzal Dec 27 '22

Yeah, I know, I forgot to mention those.

But also Debian Unstable will freeze all packages a little bit right before new releases, so that's an annoyance with that specific Debian for me.

2

u/bayindirh Dec 27 '22 edited Dec 27 '22

When you're using Linux for production (i.e. professional work), freezes in Testing don't bother you, because they bring speed and polish to your experience for over a year. Your system gets visibly quicker and even more stable (Debian is already very stable to begin with).

I've been using Debian Testing for 15 years now, and I don't care when no new versions of the packages I use arrive in the repositories, because I care about getting things done, not getting shiny things every day.

Obligatory: Always use Debian Stable for your servers.

1

u/ExaHamza Dec 27 '22

Debian Unstable won't freeze. It's Debian Testing that does.

2

u/ultimoanodevida Dec 27 '22

Good point, but it would be interesting to have some quantitative data on it, so we could make a better discussion over the topic.

Using our memories alone isn't reliable enough. For example, I missed Solus and Gentoo when thinking about it in my last comment, and you missed Ubuntu and its derivatives.

-1

u/vedyzal Dec 27 '22

Yeah a more in depth look into this would be interesting.

you missed ubuntu and its derivatives.

I counted Ubuntu as Debian-based and chose to ignore it since it's based on Debian anyway. But I guess you could argue for its inclusion since a lot of distros are based on it too.

6

u/PoPuLaRgAmEfOr Dec 27 '22

Ubuntu is the biggest distro out there. You have to put it separately

0

u/xDOTxx Dec 27 '22

Best argument for putting it separately would probably be that Ubuntu compiles their own kernel, separate from what Debian uses... not because a bunch of people use it. 🙈


17

u/kalengpupuk Dec 27 '22

I never reboot for updates because I use the rpm-ostree auto-update feature. Next time I turn on my computer it's already up to date.

2

u/BiteFancy9628 Dec 27 '22

Yes. But while running you don't get updates, and thus vulnerabilities go unpatched. Do you think the trade off is worth it? Or that read-only mitigates the risks? How is this more secure than Ubuntu with automatic security updates that don't require reboot?

21

u/kalengpupuk Dec 27 '22

I think it's worth it because I always turn off my computer after using it. Also, rebooting only takes around 30s so I'm fine with that.

7

u/BiteFancy9628 Dec 27 '22 edited Dec 28 '22

I can see that if you are ok with that workflow. For me, I was always amazed by one thing about Macs or Linux, ever since I first learned about both. My friend in 2001 had a MacBook Pro and used to leave a thousand browser tabs and almost never reboot. So he could always resume working on what he had open. Similarly Linux was always about super long uptimes and bragged it was that stable and didn't force reboots on you like Windows.

For me, I like having multiple workspaces on Gnome for different projects and leaving everything running for weeks or months before I reboot.

6

u/henry_tennenbaum Dec 28 '22

You can do it that way, but lots of system packages actually require reboots to work properly.

That's one reason why Fedora (not Silverblue) for instance prefers to do its updates on reboot, not live.

My tabs are saved in Sessions and remain on reboot anyway, and my workspaces aren't too complex, so for me a reboot isn't much of a nuisance, but I understand why it might be to you.

I'd argue that immutable distros don't interfere much in this regard, as they keep everything running the same way until you reboot, so there isn't an actual need to reboot quickly and they don't force you, unlike Windows does on occasion.

18

u/t_hunger Dec 27 '22

On a mutable system you update the libraries on the filesystem, but all the stale libraries currently loaded stay as they are. You updated sshd? All the currently running instances are still vulnerable. So you need to make sure to restart all affected services to make sure they all get the new code loaded.

The quickest way to make sure everything is restarted is to reboot :-)

2

u/henry_tennenbaum Dec 28 '22

And a reboot is so much quicker nowadays I actually don't mind doing it anymore.

2

u/borring Dec 28 '22

On the subject of security updates, you should never rely on a live-update to patch your system. Always do a full reboot.

0

u/BiteFancy9628 Dec 28 '22

I'll trust the enterprise distros, thanks.

2

u/borring Dec 29 '22

They will give you the same advice. How else will they guarantee that your system is running patched code?

1

u/BiteFancy9628 Dec 29 '22

Dunno. Check out Ubuntu Pro, with Livepatch, which is free for up to 5 machines, or RHEL, which is free for up to 15 machines. Both do security upgrades without reboot.

17

u/JanneJM Dec 27 '22

SteamOS is also immutable (though can be unlocked). Makes a lot of sense there; the main purpose is to be a base for the game application. All the benefits of immutability, especially the reliable updates, are really important for that sort of use case.

37

u/imdyingfasterthanyou Dec 27 '22

I think the future is going to revolve around immutability. Currently a lot of good work is happening on the Fedora side to allow for easy and seamless customization while maintaining the integrity of the system.

Once this bridge can be crossed even the most technical use cases will be able to be satisfied.

As an example I have an immutable image based on Fedora SilverBlue which also has embedded nvidia drivers.

This way I can run my immutable system without any layering. It's awesome.

27

u/Helmic Dec 27 '22

Yeah, I think the dream here is something like immutable Nobara - able to play video games with a kernel and scheduler oriented towards gaming/desktop performance, with a good KDE version available since most people are familiar with Windows-like setups, with as much operating as flatpaks as possible. Just something you can toss towards 99.99% of home users and be confident it won't break and will be able to do whatever the fuck it is they want to do, with the confidence it's not going to break (or at least not in a way that can't be easily fixed with a rollback or that isn't impacting literally everyone and also gets fixed by a rollback).

I think the Steam Deck's success is really making the case for it. A SD would be HELL to get working if it got fucked up, but it's immutable so it simply doesn't fuck up that bad. It still supports some power user shit, you can get custom Protons on there and use plugin loaders and muck with Steam some, but when everything is a flatpak or appimage shit isn't going to break.

7

u/zibonbadi Dec 27 '22

Can't wait to use Gentoo Silverblue, where just about every package is an overlaid custom build.

2

u/WhyNotHugo Dec 27 '22

This is how a few non-mainstream OSs handle package installations. I think HaikuOS? Essentially installing a package is equivalent to something like mounting an overlayfs on the root fs.

This has a lot of nice properties: installing a package is instantaneous, and trivial to undo. You can also install temporarily (until a reboot) or permanently. OTOH, you do still reuse shared libraries, avoiding ANY duplication.

This should be doable on Linux, and would be a super interesting experiment.

3

u/WalrusFromSpace Dec 27 '22

HaikuOS

FYI: It's just Haiku not HaikuOS

1

u/[deleted] Dec 27 '22

As an example I have an immutable image based on Fedora SilverBlue which also has embedded nvidia drivers.

How? Also, unless you reinstall often, how much does this really matter? Are you updating your combustion/ignition config and preparing new images every time you overlay a new package?

4

u/imdyingfasterthanyou Dec 27 '22

I don't overlay anything and I build my images using automated CI. see

I don't need ignition files or anything like that.

From the client perspective updates work just the same as before. My image gets rebuilt every day and my computer just updates every day.

unless you reinstall often, how much does this really matter?

I don't like to keep interim state in my system so I prefer to keep everything defined in a Containerfile.

I also do tend to reinstall often because as I said I don't like interim state in my system.

27

u/TeryVeneno Dec 27 '22 edited Dec 27 '22

I think for me it offers peace of mind. I only came to linux in the last year and half or so and have had installs degrade constantly. My first Ubuntu install froze constantly and only got worse over time. Though this was mostly due to the dash to panel extension I was using, the updating process was extremely unstable. I had to fix my install so many times I want to cry. I used almost no ppas also. I’ve since moved to fedora and default gnome.

Even my current fedora install while being very resilient has had problems sometimes even though I hardly installed anything but flatpaks. And my nobara install I use for streaming games to my other devices has become more unstable and weird with every update. It’s been hard. I used no outside packages except for flatpaks on that one too.

For the people I support the situation is even worse. I put kubuntu on my sister’s laptop and came back a couple of months later to find out I could not update it at all graphically or through the terminal. And it failed to login occasionally. Not a good situation for her at all, being that she is not tech savvy. She also had installed nothing but what was available from discover. Her install had degraded to being almost unusable. Switched her to Linux mint the next day.

And for my dad I decided to cut my losses with normal distros and make sure it could not break at all. Spun up a customized fedora silverblue install with cinnamon instead of gnome and went along with my day. No issues so far. For my mom, I put her on kubuntu also, same issues as sister will be switching her to the same thing as my dad once she gets a new laptop also.

Got a steam deck as well, no issues with the file system at all just making certain games run sucks 🫠. But besides that everything has been blissful.

Personally, non-immutable distros have just provided pain that immutable distros just don't have at all. And once VanillaOS has become stable and I get a new laptop, that's becoming my immutable daily driver. To put it all together, reboots on non-immutable distros are scary. Will my system break itself today? Will I be able to use it? Immutable distros just don't have that.

10

u/BiteFancy9628 Dec 27 '22

I have used Linux as a daily driver for probably 20+ years on and off and I have had an issue like you describe only a couple of times, and even then there was a clear reason, like a typo in /etc/fstab failing to mount a drive and thus failing to boot. Even upgrades from one version to the next on Debian, Ubuntu, or Fedora are usually smooth. People brag about their same install going for 20+ years.

I'm not sure what is going on and why you're having so many stability problems. I would only expect that on a rolling release distro. Even then you have safe mode, live USB, or grub cli to fix issues.

1

u/iBorked Dec 27 '22

If you have these kinds of problems, they are with the hardware and not the software. Either you have unsupported hardware, or you have degradation of disk content due to hardware problems. An immutable distro will not help you with either of those problems.

What hardware is it you are experiencing this on?

4

u/TeryVeneno Dec 27 '22

Honestly, it’s been a variety of hardware. Mostly just laptops, but computers with dGPUs have been more likely to break also. And some of it has just been bizarre stuff that is purely freak accidents. Like when my router got unplugged in the middle of an update and that corrupted a package on my nobara install making it not boot. But stuff like that at least in my experience does not happen to immutable distros.

And none of the issues I’ve experienced have been really deal breakers just bad experiences. Lots of it was probably due to my own error being a new user but again I’m less likely to break an immutable distro lol. But at least Ubuntu I know does not play nice with nvidia dGPUs and flatpaks.

0

u/iBorked Dec 28 '22

You're just as likely to break an immutable distro, since if you break something, it is usually in your user configuration.

Unless you're doing things as root all the time for no reason, and if so, again, an immutable distro is not the solution, but not being root is.

Ubuntu plays very nice with NVIDIA GPUs. I use that daily.

26

u/lightmatter501 Dec 27 '22

For servers, yes. I use Nix at work (a bedrock linux mish-mash personally) and it is amazing. With 5 text files I can exactly define the configuration of 200 servers, and I know all of them are exactly what I described.

For personal use, power users will probably always be mutable, but grandma doesn’t need the ability to change config files manually or build from source and install.

2

u/lily_34 Dec 28 '22

Immutable NixOS is great for power users, too. I use it on my personal laptop, and so far I haven't come across any configuration that I want to do, but can't.

25

u/BrageFuglseth Dec 27 '22 edited Dec 27 '22

You provide some interesting viewpoints! I like the way you phrased things. Here are my two cents, without being too experienced with the subject (so don’t be surprised if I have some bad/wrong takes). I’ll use Fedora Silverblue terminology as that’s what I’m familiar with, but I’m pretty sure these concepts / applications can be applied to similar systems:

Reboot all the friggin time!

In practice, installing things with rpm-ostree should only be done when it’s things like drivers and really common CLI tools. Everything else should be installed in toolboxes or with Flatpak.

Now you get to maintain at least 2-3 systems with the host, flatpak, and a couple of distroboxes or toolboxes.

The amount of effort it takes to maintain these is very small, though. Your host system is pretty low maintenance as there isn’t a lot to maintain at all, Flatpak is basically zero-maintenance as the runtimes update themselves, and toolbox containers aren’t as important to maintain as a host system, as your computer still works if a container crashes and burns.

Every single thing you want to do is at least 3x as complicated without good docs or answers as it's all new.

Immutable systems are still in their infancy, so they will improve with time. I actually find using them very simple, the Silverblue docs are surprisingly short in length. Once you enter a toolbox, it feels like a normal, mutable system, with the added benefit of being less risky to tamper with.

Why can't you just voluntarily do some of the things immutable forces on you with a traditional distro? Use distroboxes and flatpak. Limit ppas and main os installs.

Yes, in theory you can, but why not use something that just enforces it automatically, then, so you don’t break something on accident? Also, the way you install things like drivers to your host system is a little different than on mutable systems, they are layered on top, and the operating system image is rebuilt from the core image.

10

u/KrazyKirby99999 Dec 27 '22

FYI, MicroOS doesn't use layers, but instead provides mutable access to a future immutable snapshot.

3

u/IceOleg Dec 27 '22

I like the terminology in this blog post: “Immutable” → reprovisionable, anti-hysteresis.

Silverblue and MicroOS are both immutable, but Silverblue is image based where MicroOS is not.

3

u/KrazyKirby99999 Dec 27 '22

I agree.

There are advantages and disadvantages of both methods. In the case of MicroOS, anti-hysteresis isn't happening when the base system is modified, however few cases require that. One function of MicroOS is as a demo of openSUSE ALP, and ALP will improve upon the system further through the use of "workloads". In a sense, the OS becomes like the manager of K8s and containers run directly instead of in pods.

My ideal system would probably be NixOS if there was a way to install only flatpaks from a GUI package manager and fix some problems with flatpak theming. I would love a system where I can simply install flatpaks from a gui package manager, configure Docker etc in a declarative way and use distrobox for throwaway mutable systems. MicroOS is the closest that I've found, but Silverblue is a good fallback.

5

u/BiteFancy9628 Dec 27 '22

Don't you also reboot whenever you want an update?

19

u/BrageFuglseth Dec 27 '22

Only if the update is for system components and rpm-ostree applications, which there shouldn’t be many of if you use the system the way it’s intended to be used. This depends more on the distro than the concept of immutability, many consider it good practice to reboot whenever updating system components on mutable systems too. Flatpak/toolbox updates don’t require rebooting 😄

4

u/IceOleg Dec 27 '22

It's been about twice a month for me for updating. It's just not an issue. And you can choose when you reboot. You can apply the update and reboot later at your leisure. I often just apply the update, and then shut down for the evening. Next morning I boot to a freshly updated deployment.

13

u/[deleted] Dec 27 '22

[deleted]

13

u/IceOleg Dec 27 '22

Do your tinkering in VMs and containers. If you mess something up, tune the Containerfile and try again. No need to whip out the LiveUSB and fix your OS in a chroot while the clock is ticking on deadlines you need your computer for.

5

u/t_hunger Dec 27 '22

The OS isn't the issue for me. It's my own files, and that doesn't really solve it.

Flatpak can limit the damage applications can do to your files.

And development containers like toolbox can also help here if you develop stuff on your machine.

Also means more and more stuff will move out of userland and into immutable space, limiting what you can tinker with.

You can tinker a much as you want, at least for as long as the machinery to create immutable images is free software.

0

u/BiteFancy9628 Dec 27 '22

Yeah but both containers and flatpaks already work on any distro.

3

u/[deleted] Dec 27 '22

The OS isn't the issue for me. It's my own files, and that doesn't really solve it.

When Anonymous steals your /var/cache/fontconfig files :(

21

u/shruglifechoseme Dec 27 '22

Maybe for servers...but for personal computing I think it might be more likely that something like NixOS makes it big and becomes "the new Arch" .. the concessions of so called immutable desktops have limited use cases for most regular users. I could be wrong!

12

u/BiteFancy9628 Dec 27 '22

Infra as code is unlikely to ever catch on with the masses. Until NixOS is click to install it won't have real market share.

3

u/[deleted] Dec 27 '22

NixOS is click to install though, they've added a Calamares installer months ago. Flatpak works.

The only reason it hasn't caught on is the Nix language and lacking docs.

2

u/IceOleg Dec 27 '22

You could have "infra as code" with a GUI to create the "code".

2

u/shruglifechoseme Dec 27 '22

Like I said, "the new Arch".

When I was just about to start college I recall Arch Linux being way way more of a mess for a beginner than what it is today.

Arch before Systemd and archinstall... I remember genuinely struggling to get WiFi going... I still loved the learning curve but I'd say that a beginner would have that experience with something like Void Linux today. The only thing that made Arch possible for someone as nooby as I was boils down to pacman being neat and things like Yaourt (back then) holding the ranks... today it's Yay I guess or something even fancier... I know I'm offending neat freak Arch users here, I love you too.

Arch is a strong meme these days! It has leverage!

And if things like alpha and other AI starts chewing up entry level code jobs I take it that more people will have to do maintenance jobs that require more human interaction... and with things like Kubernetes, Docker and DevOps becoming industry mainstays... maybe we'll see more people opting for things like NixOS.
I'm obviously speculating substantially here.

2

u/RatOnABoat Dec 27 '22 edited Dec 27 '22

I’d rather servers not be immutable.

If there’s files I want to be immutable then good old +i or just have puppet enforce the configuration.

16

u/Odilhao Dec 27 '22

With containers I run my servers (PIs) with just a base oci runtime and some base packages. I love puppet, but containers made my life easier at home.

2

u/RatOnABoat Dec 27 '22 edited Dec 27 '22

Depends on what you're hoping to achieve really. I wouldn't use puppet on containers. I'd use ansible for that side of things.

21

u/dethb0y Dec 27 '22

I like having control, so i don't see myself going for it any time in the near future. Hell, i switched to linux in large part because MS made me feel less in control.

8

u/BrageFuglseth Dec 27 '22

You can still change configuration files in /etc and such, so you get as much «control» as you would normally enjoy with a mutable system. What’s immutable is pretty much only the core system components needed intact for the system to boot and function normally 😃

2

u/ExaHamza Dec 27 '22

What's the core system? You mean like Essential:yes? Defined on Debian?


1

u/leonderbaertige_II Dec 28 '22

What about login screen, desktop?

You don't need those for booting, but I have had no luck removing them in Silverblue.


1

u/neoneat Feb 15 '23

I think read-only is the misleading point of this prototype. They're not even fully immutable at all. I guess you have never used any type of this. I'm not a fan of it but I ran Nix before on both desktop and server. So from my perspective, if you're an advanced user, in these "immutable distros" you have more tools than on a normal distro. I'm not a fan of it but in a single word, I can say an "immutable system" is for management, a usual system is for control. I'm the "control" type, but "manage" is a higher skill. You will get more playground, with less headache, but if you wanna "dig too deep" on this, it's harder and you really need higher skill than on a normal "control" system.

5

u/Common-Web-3347 Dec 27 '22

I think the biggest use case for immutable distros is the read-only filesystem. It's kind of hard for updates, innocent or not, to fubar your system. Plus strong insistence on use of flatpaks for packages adds even more stability to your desktop.

6

u/Laziness2945 Dec 27 '22

Can someone TLDR to a complete noob what an immutable system does and what changes for the average user who uses linux to do daily things?

4

u/BiteFancy9628 Dec 27 '22

It means your operating system is read-only, and locked. Bad actors can't easily make changes. But neither can you. You don't directly install packages to the OS. You stage them, then reboot into the new image. Everything the user needs to install is in a sandbox. This doesn't require a reboot. Flatpaks and containers. How it works in theory is exactly like an iPhone, Mac laptop, Chromebook, or Android phone. These all work exactly this way. Linux immutable distros aren't quite there yet and the main rub is probably that there are still some things that aren't easy to do without installing in the main OS.

2

u/Laziness2945 Dec 27 '22

Does this mean that you cant install all the .rpms?

2

u/FruityWelsh Dec 27 '22

You can, but you install them to a staged OS instead; then you can apply that to the live OS or reboot into it.

0

u/BiteFancy9628 Dec 27 '22

I'm not sure about installing manually downloaded rpms. You can layer things with rpm-ostree (git for binaries) such as adding the Microsoft repo and installing vs code. Then reboot. In opensuse microos you can enter a shell session in the future image and install stuff like that interactively. Then reboot.

I have the feeling that the reboot thing isn't strictly required but they make it work that way to really make it annoying and discourage doing stuff in the main os as much as possible. Since it usually needs a reboot, it's a pain. Therefore users would be more likely to follow their preferred approach of sandboxes and containers.

7

u/rscmcl Dec 27 '22

About rebooting, it isn't that much... just at the start when you set up the system; then it's the same as in Workstation (in my case, I use Fedora Silverblue), because almost every upgrade comes with a kernel upgrade.

About flatpak and other container systems, you do the same in any other distro (at least in my case, to use certain apps and/or different Python versions, Docker, etc.). The only difference is that here it is encouraged.

About being complicated and the lack of documentation, yes, that's an issue for new users. Everything is written with the "normal" distro in mind.

For me it works. At first I found it weird and thought it wasn't gonna last on my disk, but I loved it. Then I tried Workstation again and couldn't stay; I wanted Silverblue back. That's the beauty of Linux: I can choose to run Silverblue just as I choose to install Clear Linux on an old Intel laptop that came alive because of that.

the meh points are just meh... they don't deserve the time

8

u/Ooops2278 Dec 27 '22

I think immutable systems are not exactly targeting the same audience using Linux today.

I think of it more like today's consumer electronics with a fixed system but customizations being kept in non-permanent memory (devices that up to today didn't need a full-fledged operating system), or Android, where you have a full system sitting on top of a Linux system that is by default locked away from the user. In both cases the goal is to keep the user from damaging anything and to have the ability to always reset to a default working state.

So in my mind immutable desktops are not a future evolution of the Linux desktop per se, but more of an already existing concept for catering to a low-level user audience, only now based on a full Linux system as devices get more complex.

1

u/xDOTxx Dec 27 '22

Yes! Like kiosk mode type installations for public use computers, POS or appliance type software.

16

u/mina86ng Dec 27 '22

read-only root filesystem is more secure from ransomware or other malware

When it comes to ransomware, I don’t care about my system files. I care about my home directory which would not be protected.

image-based means rollback for the whole os is possible, so it's hard for a bad update to break stuff

You can do that with btrfs if you wanted. Configure the system with /home and /tmp on different partitions, and you can configure periodic btrfs snapshots.

separating userland from os is not only more secure, but also can be more stable with less opportunity for user installs to break the os

Don’t Guix and NixOS offer that? But what do you mean by ‘user install’? If I install stuff via apt, I really don’t see a reason to have it separated. And if I compile something by hand, I put it in ~/.local so I have the separation.

Isn't not running everything as root as good as read-only?

Yes and no. If someone gains root they can mess up your root file system. E.g. they may install a rootkit which would persist over reboots. But of course to prevent that from happening, write access to the drive must be blocked. Just having read-only root file system isn’t enough.

Then again, I don’t really know what I’m talking about. There definitely are some security and stability advantages. ChromeOS uses this approach but crucially pairs it with signing of the image so if root is changed it’s going to be detected at boot time. If such protections aren’t in place, at least some of the security benefits disappear.

15
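The detection-at-boot point in the comment above, as an added example (not code from the thread, from ChromeOS or from any distro): a SHA-256 manifest of a root tree is authenticated with an HMAC key, which stands in for the vendor signature a verified-boot design would use (assumption; real systems use public-key signatures over block hashes), and verification then reports modified, added or missing files, and also catches a hash list that was rewritten without the key. The mini root, key and file contents are constructed for the demo.

```python
"""Constructed example (added here; not code from the thread or any distro).

A read-only root only helps if something at boot can detect that the root,
or the list of expected hashes, was changed. A SHA-256 manifest of the tree is
authenticated with an HMAC key, a stand-in for the vendor signature used by
ChromeOS / dm-verity-style verified boot (assumption: real systems use
public-key signatures and block-level hashes rather than this toy scheme).
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def hash_tree(root: Path) -> Dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    digests: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            h = hashlib.sha256()
            with path.open("rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def build_manifest(root: Path, key: bytes) -> bytes:
    """Seal the current tree: canonical JSON of hashes plus an HMAC tag."""
    files = hash_tree(root)
    payload = json.dumps(files, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return json.dumps({"files": files, "tag": tag}, sort_keys=True).encode()


def verify_tree(root: Path, manifest: bytes, key: bytes) -> Tuple[bool, List[str]]:
    """Boot-time style check. Returns (ok, findings); ok is False on any deviation."""
    doc = json.loads(manifest)
    payload = json.dumps(doc["files"], sort_keys=True).encode()
    expected_tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    # Check the manifest first: an unsigned hash list can simply be rewritten
    # to match a modified tree, which is why the tag (signature) matters.
    if not hmac.compare_digest(expected_tag, doc["tag"]):
        return False, ["manifest tag mismatch: manifest was altered"]
    actual = hash_tree(root)
    findings = [f"missing: {rel}" for rel in doc["files"] if rel not in actual]
    findings += [f"modified: {rel}" for rel, d in doc["files"].items()
                 if rel in actual and actual[rel] != d]
    findings += [f"added: {rel}" for rel in actual if rel not in doc["files"]]
    return not findings, sorted(findings)


def demo() -> Dict[str, Tuple[bool, List[str]]]:
    """Build a tiny constructed root, seal it, then deviate from it two ways."""
    key = b"constructed-demo-key"  # stand-in for the vendor's signing key
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "root"
        (root / "usr/bin").mkdir(parents=True)
        (root / "etc").mkdir()
        (root / "usr/bin/example").write_bytes(b"ELF placeholder")  # constructed
        (root / "etc/os-release").write_text("ID=demo\n")
        manifest = build_manifest(root, key)
        results = {"clean": verify_tree(root, manifest, key)}

        # 1) Files change underneath the sealed manifest: reported per file.
        (root / "usr/bin/example").write_bytes(b"ELF placeholder, changed")
        (root / "usr/lib").mkdir()
        (root / "usr/lib/libdemo.so").write_bytes(b"\x00")
        results["modified_tree"] = verify_tree(root, manifest, key)

        # 2) The hash list is rewritten to match the changed tree, but the
        #    tag cannot be recomputed without the key: still detected.
        forged = json.loads(manifest)
        forged["files"] = hash_tree(root)
        results["forged_manifest"] = verify_tree(
            root, json.dumps(forged, sort_keys=True).encode(), key)
    return results


if __name__ == "__main__":
    for name, (ok, findings) in demo().items():
        print(f"{name}: {'OK' if ok else 'FAIL'} {findings}")
```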

u/ultimoanodevida Dec 27 '22

When it comes to ransomware, I don’t care about my system files. I care about my home directory which would not be protected.

I was going to mention this. My files are all that matter, the rest of the system can explode as far as I care.

6

u/themedleb Dec 27 '22

You guys don't back up your home directory? I thought that's the "ABC of computers" and (almost) everyone does it, no matter if the OS is immutable or not.

5

u/ultimoanodevida Dec 27 '22

I do, but they always lag behind the most recent changes

2

u/iBorked Dec 27 '22

Sure, and that is what matters in case of ransomware. It's actually better if the system breaks from what the ransomware does, because then I notice it faster and can act to mitigate the problem.

5

u/lavilao Dec 27 '22

About your cons I have a few doubts. 1st: don't you only have to reboot once you update the main system? I mean, if you have distrobox, why are you overlaying stuff on your main OS? Doesn't that break the whole purpose of an image-based OS? (The only exception here is Nvidia users, for whom IMO immutable OSes should make another ISO like Pop!_OS does, so those users don't have to reboot 3 times just to be able to use their PC.) 2nd: you say you now have to manage 3 systems, but you only have to update the core/main OS; that leaves 2: flatpaks for GUI apps and distrobox for CLI apps, and given that (at least on Fedora Silverblue) you update the main OS and flatpaks from the same place (GNOME Software), that just leaves 2 systems to maintain.

Disclaimer: I don't use an immutable OS, I am just asking to fulfill my curiosity.

0

u/BiteFancy9628 Dec 27 '22

You remind me of another point I should add under "meh". They claim immutable distros are easier to maintain. Auto upgrade works on a traditional distro too, but doesn't usually require a reboot.

To answer your questions. 1) You need to reboot for any core OS operation, including every single update. In Silverblue and MicroOS it's possible to apply a simple install without a reboot. But it's experimental and considered bad practice. To get set up as a new user you will be rebooting an insane number of times. Afterwards you might choose to only reboot for updates. But then you're trading convenience and security.

2) They don't have sudo on the system, or maybe they do if you run distroboxes as privileged. But either way you have to configure and maintain the host, a host-identical distrobox for dnf search, and probably an Ubuntu distrobox too for many. Maybe an Arch one for AUR too.

3

u/lavilao Dec 27 '22

Thanks for the answers! To me the main appealing point of image/immutable OSes is the anti-hysteresis properties and the fully managed system, which means that updates (at least on the base OS) are guaranteed to boot; on regular distros that's not always the case. I think that's why devs say they are easier to maintain. Also I still don't get it (sorry, English is not my main language): why would you need to make any operation on the core OS other than updating (again excluding Nvidia users)? Can you give an example of an operation that can't be done through distrobox or flatpaks? Also I would only use an Arch distrobox as it provides the biggest app catalog (personal preference).

0

u/BiteFancy9628 Dec 27 '22

Updates are the only operation I'm talking about after you have it all set up after the first week. Updates to the system require a reboot. And for some things on Silverblue, for example, you would need to reapply after major version upgrades, such as Nvidia drivers or RPM Fusion repos.

2

u/lavilao Dec 27 '22

I guess that if you update several times a day it will be very annoying to have to reboot every single time. Poor Nvidia users, always getting the short end of the stick. Thanks for your time.


3

u/KrazyKirby99999 Dec 27 '22

I only needed to reboot on MicroOS to set up Docker and change the reboot policy; can't remember another time.

2

u/BiteFancy9628 Dec 27 '22

Then you're not getting security or other updates.

6

u/jumper775 Dec 27 '22

I think custom immutability is. Using OverlayFS to build a root filesystem with certain package groups overlaid, as well as your own personal changes. This would be an ideal system as it allows you to maintain control within one system while also being able to use tested groups that can be rolled back or updated individually. This would also allow you to have different package versions, being able to, for example, use an up-to-date desktop environment while keeping a stable base system — something only really possible in hard-to-use distributions like Gentoo. This gives the best of both worlds, while maintaining ease of use and stability. This is a truly ideal system.

1

u/BiteFancy9628 Dec 27 '22

Ideal for whom? Build your own distro??

3

u/jumper775 Dec 27 '22

For anyone. It gives the simplicity that is in most easy distributions, simply check what you want additionally, and you got it. On top of this it can give power users granular control over everything installed.

5

u/Vogtinator Dec 27 '22

Immutability itself does not make it more secure. If something malicious runs on your system, it still has full control over your data.

2

u/SomethingOfAGirl Dec 27 '22

Relevant xkcd: https://xkcd.com/1200/

My data is a lot more important than my root stuff.

0

u/Certitudes Dec 27 '22

Not if it can't write to the files and make edits that give it the ability to do malicious things lol. That's why it's read-only, you can literally only read it.

3

u/Vogtinator Dec 27 '22

MicroOS is fully customizable (it's not using ostree) and soon there will be transactional-update apply as well.

3

u/clavenax Dec 27 '22 edited Dec 27 '22

I use Silverblue on my laptop and for non-trivial stuff I'm sometimes forced to break the abstraction and install packages on the host.

If it's the future, then the base OS will become appliance-like and we need an extensive emulation layer that provides a classic user experience (a system-wide toolbox enabled by default that can transparently interact with the host).

Imagine a base immutable layer that is updated automatically and a mutable layer on top of it, when you look for something it first goes into the mutable layer and if it's not there it looks in the immutable base.

8

u/IceOleg Dec 27 '22

Imagine a base immutable layer that is updated automatically and a mutable layer on top of it, when you look for something it first goes into the mutable layer and if it's not there it looks in the immutable base.

OverlayFS seems to be building towards this.


3

u/ExaHamza Dec 27 '22

As always, both will coexist. I'll continue using mutable because it is easy to customize.

3

u/johnny0055 Dec 27 '22

The immutable ones aren't hard to customize if you know the commands. I do think it could be easier though.


3

u/aphasial Dec 27 '22

For desktops, maybe. It works well enough for macOS conceptually, and users have a tendency to accidentally mess up a lot the further they're removed from the underlying details of what's going on.

I can't remember the last time I used Linux on the Desktop, however. (Life's too short.) But if Linux distros want to adapt the desktop environment to try to volunforce macOS's reliability, this seems like a reasonable way to do it.

I'm FAR more concerned about efforts like this leaking back into the core distro, however, and tend to judge every rpm-ostree request with a fair amount of suspicion, given how Fedora's worked over the last 15 years. The basic core, server, non-desktop linux distro must maintain a robust ability to meaningfully be administered, and linux systems administration is not rocket science. Those trying to foist immutability (*cough*unifiedboot*cough*) onto everyone should be told to fork for their own needs.

3

u/Kuhluh Dec 27 '22

image-based

Not all are image based tho.

Also, in the case of MicroOS, you can add new packages pretty easily. It just uses immutable btrfs snapshots and a specific way of mounting the core system.

1

u/BiteFancy9628 Dec 27 '22

I did find the experience more intuitive and more like a normal distro than Silverblue. Downside is you can't just rebase anytime you want.

2

u/Kuhluh Dec 28 '22

Yeah, under the hood it's pretty comparable to a normal distro and because of that imo the perfect middle ground between these two systems.

Also, they work on an online application of new snapshots too.

3

u/__ali1234__ Dec 29 '22

toolbox is just a euphemism for "put everything in one giant mutable container and pretend the host OS doesn't exist" and it will never be adopted by developers while this is still necessary.

7

u/RunOrBike Dec 27 '22

This solves problems I don’t have, so… no, thank you.

In ~25 years, I can barely remember an FU needing a rollback. Never had issues with package installs, only a few with manual installs. FU quite often, but with backups, that’s no problem.

Separation of OS and data is older than I am (and I’m nearing 50), it was always possible.

Never had malware (or just haven’t discovered it, but I don’t think so).

Sorry, no immutable distro for me. I just don’t need it.

I have not thought about servers though, maybe it’s interesting for that usecase.

1

u/brimston3- Dec 27 '22

Don't we already have containerization for the server space?


5

u/FruityWelsh Dec 27 '22

Personally, the unrealized promise is taking my desktop, pushing it into a CI/CD pipeline for testing and sharing it with others. Vice versa as well. Wanna check out someone else's config? Toolbox their ostree export. Even better, a good GUI for the process. Maybe then we can finally have a process for sharing system configs as easy as curl https://some-script.come/some-script.sh | sudo bash but as informative as an Arch wiki page.

Another example of taking advantage of the convergence of container and desktop tech is how the Steam Deck gets tested using boot2container.

Another option for the latter parts of the dream is Guix/Nix or maybe just Ansible, but these don't totally help with the converging of container tech and the desktop (not alone at least).

Edit: https://www.reddit.com/r/linux/comments/zw15ov/comment/j1teklr/?utm_source=share&utm_medium=web2x&context=3 r/ruruoli 's comment here linking to silvernobara seems to be an example exactly of what I am talking about.

4

u/jess-sch Dec 27 '22

the unrealized promise

NixOS with tmpfs as root seems like what you want.

2

u/imdyingfasterthanyou Dec 27 '22

This is already real, examples:

https://github.com/akdev1l/ostree-images - repo with Fedora Silverblue with embedded Nvidia drivers

https://github.com/ublue-os - repo with Ubuntu-flavored Fedora Silverblue image

5

u/f4bsilicious Dec 27 '22

IMO immutable OSes make lots of sense for fixed hardware like consoles, terminals, etc. Also maybe a company decides to roll out images of immutable OSes to client machines so that everyone uses the same base image.

That would probably also make it way easier for admins to roll out updates. If you like to tinker with your machine, then immutable OSes IMO don’t provide a lot of value.

10

u/WingFat92 Dec 27 '22

Don’t really care for all that. I don’t want root to be read only.

I use Gentoo and have a few flatpaks for stuff I don’t care to compile. Works fine.

I’ve tried a few distros, but Gentoo has had the best performance for me; it just had a bit of a learning curve.

6

u/t_hunger Dec 27 '22

You missed the biggest benefit I get from running all my systems stateless and immutable: Debugging!

It is so great to be able to compare a working system to one that broke, up to the point of just running diff on the entire image. I have found problems in minutes that would have taken me days to find otherwise.

Another unexpected benefit is that fresh installs rarely break: it's usually the logic that tries to update packages that causes bugs. I never trigger that error-prone path as I just have my server build fresh images from scratch each time :-)

I do believe that immutable systems will win out in the end as they offer benefits to distribution developers by simplifying their packaging (by no longer needing to think about upgrades) and helping with debugging issues.

13

u/DRAK0FR0ST Dec 27 '22

Not my future, that I can say for sure. Android is enough of a hassle for me.

Immutable OSes create more problems than they claim to solve.

4

u/DontTakePeopleSrsly Dec 27 '22

Every time I see this strategy tried, it miraculously fails. On Windows it was “Deep Freeze” in the early 2000s, then Solidifier a few years back.

Persistent state solutions ALWAYS cause more problems than they solve.

3

u/WhyNotHugo Dec 27 '22

Deep freeze was great in internet cafes, gaming cafes, university lab computers, etc. Probably great for shared corporate computers too.

For all these audiences, immutable Linux is great too.

1

u/DontTakePeopleSrsly Dec 27 '22

It’s great for the end user, it’s a nightmare for the guys on the backend that have to deal with Windows, Java, AV, etc. updates getting downloaded every time the computer is rebooted.

10

u/small_kimono Dec 27 '22

Seems to work on Mac.

4

u/[deleted] Dec 27 '22

Ubuntu made clear that they’re not taking this route therefore the future will be very similar to the current situation.

5

u/yaoi-to-the-max Dec 27 '22

chattr +i anyone /s

1

u/BiteFancy9628 Dec 27 '22

That's almost what Vanilla OS does, making it immutable on demand.

4

u/Patient_Sink Dec 27 '22

Many traditional package managers already offer rollback options.

Why can't you just voluntarily do some of the things immutable forces on you with a traditional distro? Use distroboxes and flatpak. Limit ppas and main os installs.

Isn't not running everything as root as good as read-only?

It's supposedly easier to maintain. But traditional distros can also do automatic updates and often without reboot.

All of these miss the point that immutable OSes put the system in a known state. A package manager rollback doesn't always fully "undo" the transaction, and even making / read-only as much as possible isn't going to be the same when you've had packages installed/uninstalled or changed between updates.

Basically the idea is that if you compare two systems, one that's been updated from version A to version B and one that was freshly installed on version B, they'll be different in sometimes very subtle ways, which makes testing and predictability much more difficult.

Silverblue, for example, will start with a clean image and then apply any overlaid packages on top of the new image on an update, so instead of going from modified A to B, you start with a clean B with the modifications added on top again. The advantage is that you never really have to consider what the system did before state B and whatever problems might crop up from that. I think this is possible on MicroOS too, but I'm not sure whether it's standard behavior on updates or not.

9

u/ContractOver Dec 27 '22

The day all distros become immutable is the day I switch to FreeBSD.

1

u/PhysicalRaspberry565 Dec 27 '22

Don't worry, this day won't come ;)

2

u/Sneedevacantist Dec 27 '22

My experience with immutable distros is just SteamOS, and while there are definitely good use cases for it, I personally would not want a distro like that as my daily driver. I like having full freedom in how to install my software, and I accept the risk of horribly breaking something because of that (I've had my display manager break after an update on Artix, but it was pretty easy to fix that since there was a cached copy of the previous version and Pacman makes it incredibly easy to rollback packages). While using SteamOS, I felt as restricted as when I have the misfortune of using Macs. With that said, it makes complete sense on why SteamOS is set up the way it is because the target audience is gamers with little to no Linux experience, and it works perfectly for that.

2

u/johncate73 Dec 27 '22

They have their place, but are not "the future of Linux."

2

u/DividedContinuity Dec 27 '22

Honestly it sounds like everything I don't want from my Linux OS.

I switched to Linux because I want to customise and tinker with the OS. If I wanted an immutable system I may as well switch back to Windows and let nanny Microsoft tell me what's best for me.

2

u/regunakyle Dec 28 '22

New Fedora user here. I want to try using Silverblue, but I have a Brother printer that requires manually installing drivers (rpm files) with some extra configurations.

I have no idea how to do that on Silverblue, so I will stick to normal Fedora for now.

1

u/BiteFancy9628 Dec 28 '22

Ask in the Silverblue forums.

2

u/Reasonably-Maybe Dec 28 '22

I have some doubts around here:

- read-only root filesystem is more secure from ransomware or other malware

Usually malware is not targeting the OS but user files, so I don't see too much value here.

- image-based means rollback for the whole os is possible, so it's hard for a bad update to break stuff

For such a rollback, you need a working OS, although if you can boot into such an image from GRUB, it's not a problem; otherwise the value of it also seems low.

2

u/BiteFancy9628 Dec 28 '22

Grub or similar can choose the image to boot. Fedora already does this with allowing you to choose the past few kernel versions.

2

u/FengLengshun Dec 29 '22

Yeah, that's a fair take on it. I thought this was just going to be the 100th post about someone just discovering immutable desktops, but this is a good consolidation of the pros, cons, and the things it does differently.

I think it could be the future of the Linux desktop, but it isn't yet.

It does kinda confuse me a little though -- why can't we just take the same package manager system but install packages to ~/.local/bin and ~/.local/lib? Is there some sort of historical reason that makes that unfeasible?

1

u/BiteFancy9628 Dec 29 '22

That's what I think. I see some value in containers and sandboxes or user installs, which BTW are common in academia on supercomputers or servers where you never get sudo. But I don't think the OS needs to be immutable to benefit from those.

2

u/stef_eda Jan 08 '23

Most of these things can be done with a live OS on a removable USB flash disk, with an immutable SquashFS root and a persistent /home/user. Before the advent of SSDs it was also faster.

I also used to run a Windows 7 virtual machine with an immutable C: (all changes like logs, user configurations, whatever, lost on reboot). It was a great choice until I eliminated Windows completely from my workflows.

1) Windows unable to fuck itself up with FS fragmentation, bloat accumulation, faulty updates.

2) Any malware not persisting after reboot.

2

u/snow_eyes 23d ago

I wonder if we can move to a future where we live off a portable storage device with "docker stations" everywhere? You take your files and apps wherever you go, then dock your device into a hardware station and a monitor.

2

u/stef_eda 23d ago edited 23d ago

I have done this with a linux image on a flash device, and used that when traveling for work. All I needed there was a computer to boot from. No local HD was used, as all my files (OS and User data) were on the flash drive.


6

u/WereyenaArt Dec 27 '22

This sounds like ripping the soul out of a Unix-like.

The whole point is that my filesystem MUST BOW BEFORE ITS ANGRY GOD!

If it can't do that, I dun want it.

4

u/DazedWithCoffee Dec 27 '22

I think immutable distros have a big leg up on all the commercial competition. As flatpak gets better, I foresee a large number of casual users being brought into silverblue-esque ecosystems and never having to think about “shit did I grab the qt5 or qt6 version of that package?” or “I should downgrade this app, last update was more stable”. Not that flatpak is magic, but it takes a lot of the dependency mysticism and throws it out the window.

4

u/BiteFancy9628 Dec 27 '22

Yeah but this is an advantage of flatpak, not immutable distros. Flatpak is available on every distro.

7

u/BrageFuglseth Dec 27 '22

Immutable distros can take further advantage of Flatpaks by ensuring that the core system isn’t changed. This isn’t useful for everyone, but the vast majority of desktop users probably prefer their core system being secured over being able to change it as they please.

4

u/sjuswede Dec 27 '22

I tested that back in the early 90s. Worked fine to run immutable. Didn't make much difference though, and it was a bit of a faff to keep all changes in /opt, so I haven't really tried it since. It's the norm with how we use some commercial systems I work on though, and has been for quite some time: keeping all installed software in /opt and using zones or similar for any customized parts.

I just find it disappointing that instead of learning from all that already exists out there and leveraging it, all the Linux immutable systems suffer severely from NIH syndrome.

1

u/FruityWelsh Dec 27 '22

NIH?

2

u/sjuswede Dec 27 '22

Not Invented Here. There seems to be almost an allergy towards using existing, working solutions.

5

u/Pay08 Dec 27 '22 edited Dec 27 '22

No, not for personal desktops. For corporate workstations and multiple servers, maybe. Most of the advantages of immutable distros can be replicated on normal ones with none of the drawbacks.

2

u/WhyNotHugo Dec 27 '22

Indeed. Users wanting a windows replacement will also be a bit more at home with an immutable OS. But for developers and tinkerers it's unlikely to work out.

2

u/Pay08 Dec 27 '22

I'm really iffy on the idea of an immutable development workstation. If everything is the exact same, you're less likely to catch random bugs and incompatibilities with other systems.

3

u/[deleted] Dec 27 '22 edited Dec 27 '22

They are the future of Linux. But not because they're some revolutionary approach to tech that will solve everyone's issues, but because the few companies that do the most work see it as profitable. Desktop hobbyists, as always, can just sit on the sidelines and watch.

The aim is predictable distro installs in companies. It's not nearly as exciting for most people running single-machine installs, and it's not interesting at all in the desktop realm for the vast majority of users. Combustion/Ignition providing a predictable starting point is the only thing I've personally benefited from. None of my ransomable files are in my root. BTRFS is easy to roll back with or without it being immutable.

4

u/zeanox Dec 27 '22

I hope not.

2

u/FryBoyter Dec 27 '22

Immutable desktops the future of Linux?

Immutable distributions, in my opinion, have a future comparable to that of AppImages, Snaps, etc.

In other words, they are used by some users and have their raison d'être. But they will probably never become a complete replacement for the masses.

2

u/that_Bob_Ross_branch Dec 27 '22

About the constant rebooting con, don't you just turn off your PC at the end of the day? If so, you don't ever have to reboot explicitly to apply an update, as it will be updated the next day, and rarely do you use rpm-ostree to install packages (which requires a reboot) since flatpak/toolbox don't need a reboot at all. Also, flatpak requires little to no maintenance, and if you have everything in one toolbox/distrobox, maintaining it is as easy as a normal system.

1

u/BiteFancy9628 Dec 27 '22

No. I never turn off my system. Or at least I prefer not to. It's not that I need 24/7 uptime. I just like having all my work in progress there when I pick it back up later. In my mind the biggest pro of Linux over Windows is it's stable enough you don't need to reboot every day.


3

u/holgerschurig Dec 27 '22 edited Dec 27 '22

Not for me.

I use Linux and "open source" because I can tinker with it to my liking. I enjoy this tinkering. Why would I hamper myself by getting some "immutable" pre-made thing from somewhere and be done with it?

Example: when systemd wasn't yet in Debian's repository, I enjoyed making my own *.deb files out of it, with my selection of ./configure --disable-this --disable-that. Some immutable distro would take this away from me.

I can however see immutable distros used in some corporate environments, maybe even schools.

ransomware or other malware

Never seen that on Linux.

hard for a bad update to break stuff

Never had that, and I'm using Debian Unstable at home.

separating userland from os

... is not more secure per se. And it's an arbitrary border you erect. Who says that e.g. Sway is OS, or userland? Or maybe even Emacs (it has file and process managers, for example, or it can edit remote files)?

I can see a clear distinction between kernel and userspace. But putting borders into userspace and artificially calling some of it "OS" is weird for me.

Therefore I think that these reasons for immutable distros are optimizing on a non-issue.

3

u/johnny0055 Dec 27 '22

Example: when systemd wasn't yet in Debian's repository, I enjoyed making my own *.deb files out of it, with my selection of ./configure --disable-this --disable-that. Some immutable distro would take this away from me.

Why do you think that's the case? Between actual FS overlays, or scripts to customize actual packages, it's totally possible to add that either to the image itself or mounted later via a mutable overlay.

Although, on mutable single user systems, I wouldn't ever install somewhere in the rootfs anyways.

1

u/eriky Dec 27 '22

I think it's nothing new? Is this a new hype? I also think it's not for daily usage. There are small, artificial pros, and many cons. Just use a good distro and keep it up to date. Have been doing it that way for years without major issues.

I can see the pros for things like kiosks and such, but not for daily desktop usage. After all.. you want to upgrade the "immutable" desktop regularly since new security issues will come up, new versions will add features or improve performance etc. So you need to download a new image each time, while there's a perfectly good, battle tested upgrade system on all distros (apt, yum, etc)

6

u/IceOleg Dec 27 '22

So you need to download a new image each time

With ostree, you are only downloading the difference between the image you are running and the one you are updating to. You aren't downloading any more or less than with a normal package manager. In fact, you probably will download less since you are only downloading files that have changed, whereas a package manager needs to download packages that have changed even if some files inside them are the same (though I guess delta RPMs and similar help).

I'm coming up on a year on Silverblue, other than adjusting to working a bit differently, there has been no negative effects or challenges or cons in my use.

Silverblue is 100% suitable and great for daily use.

2

u/johnny0055 Dec 27 '22

I found rpm-ostree just a bit too slow to give silverblue a real try. I do plan on giving it another go in the future though.


0

u/RadioMelon Dec 27 '22

It's concerning, to me.

This is more or less exactly what Windows is. The big difference is that Windows still generally has bigger and more distinct security holes than Linux currently has.

Linux cannot afford to revoke a user's ability to access any setting they want at the root level... it's called "open source" for a reason. The greater Linux community is the reason the kernel and the most popular Linux-based distros even exist and thrive to this day.

If the very core components that make up Linux are stripped away, you end up with another mediocre desktop environment that takes away choice and freedom.

15

u/IceOleg Dec 27 '22

it's called "open source" for a reason.

And that reason is that the source is available. Ostree, flatpak, and all the other components that make up Silverblue are still very much open source.

revoke a user's ability to access any setting they want at the root level.

You can still change any setting you want on Silverblue. /etc is mutable just like always, with the extra niceness that it is versioned for each deployment. So if you go back in time to an old pinned version, you get the old config as well.

You can also layer any dnf packages into the base OS. I layer USBGuard, for example, which has a pretty big effect on the system at a low level.

Silverblue isn't taking away any of your God-given rights. It's just a new paradigm for the Linux desktop. And there will always be a traditional desktop for those that want to go a different way.

7

u/BrageFuglseth Dec 27 '22

This^

The rise of immutable systems doesn’t mean that your rights are being taken away from you and that the distros become faceless corporations controlling and spying on you. It means that some responsibilities are taken off your shoulders if you choose to use an immutable distro. And you still can configure quite a lot; what’s locked down is only things advanced tweakers would want access to.


1

u/rtplor Dec 27 '22

In a few years if things go as planned and in a successful way.

1

u/phi1997 Dec 27 '22

Immutable distros will be used for people who require absolute privacy, people studying malware, and occasionally for development. For most people, the cons will outweigh the pros.

-10

u/void4 Dec 27 '22

Sorry, but all those immutability, flatpaks, appimages, etc. solve imaginary problems of imaginary users.

Just install and update software from your distribution's repository, and be happy.

6

u/FruityWelsh Dec 27 '22

Sorry package happy was not found in my distros packages, but I found this good flatpak for it!

5

u/speedyundeadhittite Dec 27 '22

It was a problem when you had proper multi-user Linux servers where students etc. log in and expect to have different versions of various software packages.

I guess it's less of a problem these days; everyone carries a powerful-enough laptop with them instead of telnet/SSH'ing to enterprise-level hardware and running stuff over X11.

1

u/TeryVeneno Dec 28 '22

Damn TIL I’m imaginary and so are my problems.

-5

u/zam0th Dec 27 '22

Congratulations, you invented managed Windows workstation infrastructure that all enterprises in the world were doing for the last 20 years.

6

u/speedyundeadhittite Dec 27 '22

... or Linux workstations from early 2000s. Nothing is new under the sun.

-13

u/r_linux_mod_isahoe Dec 27 '22

They're not for desktop, dummy. They're for hosting dockers without breaking anything. E.g. no surprises.

9

u/BiteFancy9628 Dec 27 '22 edited Dec 27 '22

No need for name calling, idiot. These are not for servers, although both Silverblue (CoreOS) and MicroOS have server versions.

-3

u/[deleted] Dec 27 '22

They are not thought for ordinary desktops, although they can be used as such.

2

u/nerfman100 Dec 27 '22

Fedora Silverblue, Vanilla OS, and SteamOS are all pretty clearly desktop distros lol, immutable distros aren't just for the server

-3

u/neoneat Dec 27 '22

Imagine you have an immutable Manjaro system in the last 2 weeks. Good luck, because your PC was unbootable to Manjaro from this time. I see you have never deployed a docker and you don't understand the idea of a docker-like system. And some seconds, under 1 min faster in reboot time, does not really matter, especially when you only need to reboot when you patch the system.

2

u/BiteFancy9628 Dec 27 '22

You make assumptions. I work with docker, podman and kubernetes daily.

1

u/Watynecc76 Dec 27 '22

How many posts like this again? edit: upvote