this post was submitted on 13 Jan 2025
349 points (94.6% liked)

Linux


I recently took up Bazzite from Mint and I love it! After using it for a few days I found out it was an immutable distro, and after looking into what that is I thought it was a great idea. I love the idea of getting a fresh image for every update. I think for businesses/less tech-savvy people it adds another layer of protection from self-harm because you can't mess with the root without extra steps.

For anyone who isn't familiar with immutable distros I attached a picture of mutable vs immutable, I don't want to describe it because I am still learning.

My question is: what does the community think of it?

Do the downsides outweigh the benefits or vice versa?

Could this help Linux reach more mainstream audiences?

Any other input would be appreciated!

(page 2) 50 comments
[–] lnxtx@feddit.nl 135 points 1 day ago (4 children)

Immutable doesn't mean extremely secure. It's a false sense of security.
It could be more secure.
But during runtime, it is possible to overwrite operational memory, mask some syscalls, etc.

That's my 3 cents.

[–] Chewy7324@discuss.tchncs.de 18 points 1 day ago

Fully agreed. On almost any atomic distro, /home/user is writeable like usual, so any attacker is able to persist itself by editing ~/.bashrc and putting a binary somewhere.

[–] vrighter@discuss.tchncs.de 3 points 1 day ago

It doesn't allow changes to stuff that needs root access to change. If you have root access you can do anything, including switching images. It is not more secure. It's not less either.

[–] vga@sopuli.xyz 5 points 1 day ago* (last edited 1 day ago)

I have investigated the idea and come to the conclusion that immutable distros are essentially a research project. They attempt to advance the state of the art a slight bit but the cost is currently too great.

Perhaps somebody will some day create something that's worth switching to. But I don't think that has happened yet, or is happening with any of the current distros. Silverblue might become that with enough polish, but I feel that to get that amount of polish, they would have to make Silverblue the 1st class citizen, i.e. the default install of Fedora.

[–] KrispeeIguana@lemmy.ml 66 points 1 day ago (4 children)

It's definitely great for the mainstream. Think of Linus Sebastian who has somehow broken every OS except for SteamOS.

It's not great for me who uses Arch Linux btw with the expectation that if the system doesn't break on its own, then I will break it myself.

[–] Grangle1@lemm.ee 20 points 1 day ago (2 children)

I personally vastly prefer mutable distros for my own system, but I understand the appeal for those who like them. As long as mutable distros remain an option I don't mind immutable distros.

[–] kibiz0r@midwest.social 29 points 1 day ago* (last edited 1 day ago) (2 children)

NixOS is kinda the best of both worlds, because it does everything in a way that is compatible with an immutable fs, but it doesn’t force you into abiding by immutability yourself.

You can always opt into immutability by using Impermanence, but I’ve never seen any reason to.

Edit: That said, the syntax has a steep learning curve and there are tons of annoying edge cases that spawn out of the measures it takes to properly isolate things. It can be a lot to micromanage, so if you’d rather just use your system more than tinker with it, it may not be a good fit.

[–] shekau@lemmy.today 23 points 1 day ago (5 children)

Immutable ≠ atomic

Bazzite is atomic (not immutable), same with Silverblue and other Fedora variants (they're all atomic, even on their main page it says atomic). It's kinda misleading ngl

[–] Guenther_Amanita@slrpnk.net 9 points 1 day ago* (last edited 1 day ago)

Fedora Atomic IS immutable. Rpm-ostree just layers (or hides) stuff on top of the already existing image. If you layer something, e.g. Nvidia drivers, you still download the same image everyone else uses, but basically compile the driver from fresh and put it on top. And that takes time. This is the reason using rpm-ostree to layer stuff is not recommended.

That's why uBlue exists, for example. It gives you a sane start setup, where all drivers are already built into the image. And then you can either use the clean base and add your own stuff to create your own image, or use already great ones like Bluefin or Bazzite, where everything you want is already included.

Atomic just means that every process is either completed without errors, or not at all. This way, you don't get a half-updated and broken system, for example in case you lose power. Happened to me quite a few times already, but never with Fedora Atomic.

Pretty much anything outside of /var/ (even /home/ is placed inside /var/) is read-only, and if you want to modify your install, you have to build your own image. Therefore, it is both immutable AND atomic.

That's why I prefer the term "image based"
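
Added example, not part of any comment in this thread: a check that maps per-user startup locations onto the mount table, illustrating the two points made above (the image is read-only, while /var and the home directory under it stay writable). The mount table, the `user` account and the watch list are constructed assumptions.

```python
# Constructed sample in /proc/mounts format (device, mountpoint, fstype, options, ...),
# loosely modelled on an image-based layout; not captured from a real system.
SAMPLE_MOUNTS = """\
composefs / overlay ro,relatime 0 0
/dev/sda3 /usr btrfs ro,relatime 0 0
/dev/sda3 /var btrfs rw,relatime 0 0
/dev/sda3 /var/home btrfs rw,relatime 0 0
"""

# Assumed watch list: image-owned paths for contrast, then per-user startup locations.
WATCHED = [
    "/usr/bin",
    "/usr/lib/systemd/system",
    "/var/home/user/.bashrc",
    "/var/home/user/.config/autostart",
    "/var/home/user/.config/systemd/user",
]

def parse_mounts(text):
    """Return {mountpoint: set(options)}; a later entry overrides an earlier one."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            table[fields[1]] = set(fields[3].split(","))
    return table

def covering_mount(path, table):
    """Longest mountpoint that is a whole-component prefix of path."""
    hits = [mp for mp in table
            if mp == "/" or path == mp or path.startswith(mp.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None

def writable_paths(paths, table):
    """Paths whose covering mount lacks the 'ro' option."""
    result = []
    for p in paths:
        mp = covering_mount(p, table)
        if mp is not None and "ro" not in table[mp]:
            result.append(p)
    return result

if __name__ == "__main__":
    table = parse_mounts(SAMPLE_MOUNTS)
    for p in WATCHED:
        mp = covering_mount(p, table)
        print("ro" if "ro" in table[mp] else "rw", p, f"(mount {mp})")
```

On a live system, pass the contents of `/proc/mounts` to `parse_mounts`; the paths it reports as writable are the ones that still need file-integrity monitoring.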

[–] priapus@sh.itjust.works 3 points 1 day ago

Immutable ≠ atomic, but they generally come as a package deal. Bazzite, Silverblue, and all those other distros that call themselves atomic are also immutable. An atomic distro is just one with atomic updates, and an immutable distro is any distro with a read-only core.

These distros have started mainly calling themselves atomic because they agree that immutable is a poor description that generally confuses users.

[–] rollmagma@lemmy.world 42 points 1 day ago (1 children)
Immutable vs Mutable

weird        normal
[–] noodles@sh.itjust.works 29 points 1 day ago (1 children)

More like familiar and unfamiliar

[–] Chimrod@jlai.lu 8 points 1 day ago

For my needs, I've built a static system with buildroot for a Pi Zero. No updates, no modifications on the system, no remote access. Some directories are in tmpfs, and after a reboot the system is fresh again. When needed, I remove the SD card and copy a new image.

I use this board for a pulseaudio/mpd player. It's not intended for desktop usage, but I'm happy being able to configure a system like this one. For me, there is no maintenance, and this is exactly what I wanted.

[–] Glitterkoe@lemmy.world 9 points 1 day ago

I love building my own uBlue image. Tinkering is done in toolbox containers, definite changes are baked into the image. Completely custom (to me) and when you get it right it will just work anywhere. If I would brick my PC/storage I can just boot up another and restore my (backed-up) home dir with very little effort.

I think they're great. I've got two Linux newbies running some Ublue variant with no issues

[–] Guenther_Amanita@slrpnk.net 27 points 1 day ago* (last edited 1 day ago) (3 children)
  • You can still apply updates live, e.g. on Bazzite (Fedora Atomic) with the --apply-live tag (or however it's spelled).
  • The root partition isn't read only per se, but you have to change the upstream image itself instead of the one booted right now. You can use the uBlue-Builder for example to make your own custom Bazzite spin just for you if you want.
  • Both aren't inherently secure or insecure. It's harder to brick your system, yeah, for sure, but you can still fuck up some partitions or get malware. It's just better because everything is transparently identifiable (ostree works like git), saved (fallback images), containerised and reproducible.
  • And you can still install system software, e.g. by layering it via rpm-ostree. Or use rootful containers in Distrobox and keep using apt or Pacman in there.