The only benefit for a normal desktop user, who never plans to write code (or deploy stuff on multiple PCs) is that immutability makes updates far safer and easier.
However this is the single largest weakness the Linux desktop has. Everyone can use a linux computer, maintenance though is always a problem. No one has succeeded at making a regular distribution that never needs command line intervention and a degree of knowhow to unbreak. (not counting Chrome OS) Maybe someday soon we’ll have an immutable distribution that’s truly just install and forget. (with good DE options like the new cosmic or even a carefully put together Hyprland rice)
I’d just like to add that after using ubuntu (as a newbie), then arch for several years I recently switched to bazzite (atomic fedora with steam/gaming focus) on my daily driver.
It is SO NICE to have everything just work. And steam games that I never got working on other distros just run out of the box. Everything just works, and it doesn’t feel bloated at all like ubuntu.
I use Fedora Silverblue and I love that my system is exactly the default out of the box distro, with just a couple diffs that are tracked in rom-ostree.
I’ve had frustrations in the past where I install packages to try something, then remove them and forever have something hanging around. Eventually one of those things inevitably breaks an upgrade or dependency resolve.
Installing apps as flatpacks is fine. I don’t love the duplication of system files, but do love that the apps aren’t tied to my distro version.
I also like that all updates happen silently in the background and I just reboot once a week or so. Never think about it.
I feel like the Fedora Atomic distros are great for people who mostly just want a working system and not to tinker endlessly. You can tinker, but it isn’t the default and it’s basically impossible to get into a bad state permanently.
I think the only thing holding me back from going for immutable Linux is desktop virtualisation. VirtualBox and VMware can’t be installed on an immutable distro AFAIK, and libvirt isn’t all there for Windows guests.
what issues have you had with libvirt and windows? Once you get the windows drivers installed, it works pretty much the same as other solutions. only thing thats still a pain in the ass still is shared folders.
Mainly GPU acceleration without passthrough from the last time I tested (Modern Windows is slow without it and passthrough might be an issue on immutable distros), but shared folders is something I use quite a bit on VMware. I remember trying virtiofs when I used passthrough, and it was suffering.
I have been trying to understand this for a minute and I can’t seem to understand why you would use it on a personal workstation.
Like it makes sense for servers, and for deploying accross multiple systems in a corporate or public setting, but beyond that it seems like it is just adding unnecessary steps if you try to use it on your personal rig.
Maybe I’ll need to just give in and try it for a week to a month to see the appeal
It’s much harder to break if you’re prone to tinker. And there’s no configuration drift that naturally accumulates over time as you tweak a system, so it always runs like a fresh new installation.
I have learned much more on immutable OS because I’m no longer afraid to tinker around and try new things. I play in distrobox and can completely nuke the container without affecting my whole system.
Help me understand what I don’t then. Why would anyone wise ever trust someone they don’t know running closed source software of any kind on “their” computer?
I don’t trust that asshole. I know him enough to not trust him let alone make my computer follow his directions. Why use anything but FOSS?
honestly i feel exactly the opposite, I don’t think it’s really necessary for servers as tools like ansible are already well established in that space. Plus most servers are VMs these days which can be snapshotted easily. Also, lot of these “immutable distros” require a reboot to apply changes which is non ideal in a server, but a non issue for desktop as you can shut it down when you go to sleep.
I run fedora atomic on my desktop and laptop because i never have to worry about my system getting into a broken state, I can always roll back or even spot the problem and fix it before i reboot to apply the change. I know a lot of people say you can accomplish the same thing with btrfs snapshots, but that requires extra thought and effort on my part, where fedora atomic it happens automatically with every update.
Again I haven’t actually tried it. I went to install fedora kinoite(?) On an extra laptop I have to try it out but apparently the memory isn’t seated correctly, so I will have to fix that real quick.
I also watched The Linux Experiment’s video on it and cleared up some confusion
With immutable distros you can try a silverblue and switch to kinoite with a reboot on an already running system and it will just work and run your flatpaks. The base image it runs does not get corrupted. You cannot make changes (easily) to the base to corrupt it. Your apps and files are just an overlay or mounts on top of the system. Your machine lights on fire, if you have a network backup, it will fire up on any hardware and be the same. It’s much cleaner and allows for easy os switching.
You could theoretically make windows work and be switchable.
If you’re using gnome/kde, I see no reason not to run immutable, the advantages of not being immutable are that you can piece together your system, if you’re running i3/sway/whatever, being able to choose your panel, your launcher, etc actually has value.
The advantages of immutable are that you’ll never end up with a broken system, you can easily roll back to a not broken one if something does break, and the system is separate from your apps.
I was able to break fedora silverblue by messing file permissions in the home directory. Toolbx then stopped working, without which the distro is unusable.
You can also make chaneges in /etc and similarly ruin your system.
Just saying they aren’t quite as “unbreakable” as advertised.
all changes in etc are snapshotted with each update so you could just roll back to your previous version and it would fix it.
I assume you meant you messed up permissions in your home directory, and yes that is pretty much the only place you can permanently mess something up with silverblue.
I tried Silverblue for about an hour. Got pretty sick of “Changes queued for next boot. Run ‘systemctl reboot’ to start a reboot” real quick. I don’t see how this is an improvement.
You should be installing software with stuff like flatpak, toolbox or distrobox. If you treat the immutable image as a mutable one there really isn't an improvement except for less of a chance of instability of updating/changing software that's running in memory already.
I can do that in Ubuntu… I’ll admit I simply don’t see the point. Immutable distro users seem paranoid about “some random update messing up their base OS” for some reason and I guess this suits their purpose. I just don’t see that as a problem.
Most people aren’t system administrators and they end up with broken computers for the most basic tasks. It’s one of the major reasons why people hate using Linux desktops.
And even if you’re an experienced sysadmin you can’t account for the entropy that accumulates on traditional OSes. 18.04 -> 20.04 -> 22.04 doesn’t end up being the same as a 22.04 clean install. This is a huge problem, especially for people who don’t know how to manage linux systems. And the people who do manage systems at scale don’t want that behavior either.
But day to day I’m in an ubuntu container and using “normal” package management, I just don’t do it on the host.
If you kept a basic minimal Ubuntu host it would be trivial to maintain. And you can still do your “toolbox” stuff on top of it. No weird immutable stuff needed.
I just don’t see the point. You want new users to understand containers. And to keep track of all the containers they maintain - possibly with different distros and using different things. And remember the difference between them and what is installed in each. Or just maintain one big container which is exactly what they would do normally anyway.
If you want it to be then it can. The risk of a failed update is vastly overblown.
You don’t need to understand containers unless you’re using the system for development – which in Linux land means containers.
Oh but you do. 1 hour into using Silverblue I was chastised by other users for “using it like any other Linux distro” when I started installing things into the “base” system with rpm-ostree. “Don’t you know you should be doing that in a container?” I was asked.
I was just installing command-line utilities. Which I’m apparently supposed to do in a toolbox or other container which allows me to have… a mutable distro where I can do all the things I do in a “normal” OS. And which will require updating separately from the host OS. And which don’t quite work right for everything because they’re containers? Like you can’t install httpd in one.
Yes, though keep in mind containers aren't like VMs so the hardware isn't virtualized or anything. The root system and everything in it is still immutable as well. In usage, it doesn't matter for the container but it isn't changing the root since what is writable to the container is outside of the root.
Using containers this way is the way Silverblue was intended to be used for by the user and pretty much any other immutable distro of note.
Yeah - I’m quite familiar with containers. I just don’t see the value they’re adding here. Maybe for experimental things or “project-specific” stuff. but otherwise don’t you just end up maintaining a container same as you would your “host OS” in a non-immutable distro?
Your immutable OS stays stable. For example, running a sudo pacman -Syu with a bunch of stuff from AUR in your Arch container for example will not bring down your OS or otherwise make it unstable. The immutable image you first install has been tested and it is the same image as the testers -- same with the upgrades and updates, so long as you don't overlap the image with rpm-ostree in this case.
Immutability keeps your OS stable and if something does happen to go wrong, you just roll it back.
If that isn't something you need/want then that's not something you need/want.
It’s definitely not - I’ve just been trying to understand the problem it solves for others though and see if it is something I would be interested in.
From what I can tell I can get all of the advantages in a “mutable” distro (flatpak, distrobox, etc.) without the overly-complex “immutable host” stuff.
I honestly don’t get the fear of “some random update ruins your OS”. Perhaps because I’m not an Arch user.
I am an Arch user and I still don’t get it either. When Arch borks something it’s rarely catastrophic. At worst it’s throw in the live USB, mount your drive and fiddle. And as an Arch user, fiddling is something you sign up for.
A reproducible system, delivered in a working state where anything you add is overlayed on top without effecting that system. Branches you can move between Fedora numbered versions as well as going Kinoite to Silverblue, while keeping the same stuff you layered on it.
I’m pretty much immutable across the board on all of my servers and workstations (laptop included). Most my servers are openSUSE Leap Micro and MicroOS. Run MicroOS on the desktop side as well.
Honestly …haven’t had any issues and the maintenance of it is fairly hands off. Few of mine are k8s nodes so that combined with the reboot mgr + transactional-update has been awesome. I spend less time maintaining my homelabs / desktops and eases my focus in just getting work done.
I’ve only had to roll back a couple of times (mainly self-inflicted), so it’s nice having that capability. A lot of this though can be accomplished in a non-immutable world as well.
A note on “MicroOS on the desktop”: The Gnome variant is called OpenSUSE Aeon and the KDE variant OpenSUSE Kalpa. MicroOS branding is used only for server use due the confusing names. Quoting from news.opensuse.org/…/microos-desktop-has-new-name/
Simply put? The microOS product namespace is getting crowded. And this is leading to a certain amount of confusion, and causing some support issues. At present, amongst the microOS “family” offered are: Server Products openSUSE MicroOS openSUSE Leap Micro SUSE Linux Enterprise Micro Desktop Products openSUSE MicroOS Desktop GNOME openSUSE MicroOS Desktop Plasma And I think we can all agree, when somebody joins a support forum of some sort, be it Matrix/Telegram/forums/IRC/etc, and says “I’m running microOS and I have a problem” then the inevitable question of “Which MicroOS?” has to be asked. And by their very nature, the Desktop offerings are quite different beasts, than the server offerings, and have quite different support needs. And typing out “openSUSE MicroOS Desktop GNOME” is just too darn long, every time you want to tell somebody what’s running on your machine.
Better resources usage when running all the apps as Flatpaks. Once you hit the close button, the zygote is killed, and you’re sure that web browser doesn’t run anything stupid in the background anymore.
No, I think they meant that you get better resource usage when you install an app as a Flatpak instead of a system package. You get the same benefit in a traditional distro too, if you use Flatpaks, it’s just that immutable distros kind of force you to use them.
I am using Fedora Kinoite and it has been incredibly stable. I like that I can always rollback to a previous state if an update breaks something. This was a huge issue for me a couple of years ago and I stopped using Linux for quite some time because of that. I haven’t had to roll back anything yet but without that feature I wouldn’t even consider making a Linux distro my daily driver. Installing software is for the most part pretty easy if you are happy using flatpak applications and toolbox. I like that all the packages that I need for my work or for messing around stay in the toolbox container and won’t affect the stability of my system. The only thing I find a bit annoying is that you have to reboot to apply updates. For me, going back to a ‘mutable’ distro is out of the question.
If you want to tinker with the system, if you want to install multiple DEs, if you want to test and change things on your own, you may not like the rigidity of atomic systems.
If you don’t want to tinker with your system and you always want to have a working system, go for it.
In the future it will become easier to tinker with the system (I hope that it doesn’t take the path of android). I hope that more happens within containers and that it mature even more. Maybe the de within a distrobox? That would be awesome but I don’t no the downside of it.
Right now you are still an early adopter. It sounds like the future and for many it will be, but who know what’s next. Especially companies have an interest in fedora’s atomic distros with ostree.
With fedora atomic, lets say i wanted to try out kde desktop for a while. i would first pin my current build so i can roll back to it if i dont end liking kde with
$ sudo ostree admin pin 0
Then i would rebase to the kde branch with
$ rpm-ostree rebase fedora:fedora/39/x86_64/kinoite
Then just reboot. That’s literally it and i would have a kde system with all my layered packages and i could roll back to my old system at anytime.
I’ve been using microos exactly because I like to tinker. Just the other day I installed plasma 6 to play around with the HDR implementation, then decided that it wasn’t worth it and rolled everything back. Worse case scenario I might have needed to reset kde configs in my home directory, but even that want necessary.
In order to avoid headaches I wouldn’t use one today. Instead I’d use a stable OS like Debian Stable or Ubuntu LTS, and use an immutable systems to get applications that are too old in the main repos. For example via Flatpak, Snap and Docker. Stable OSes eliminate most of the non-user caused breakage. The remainder is learning to not break it yourself, which isn’t horribly difficult. Once Debian or Ubuntu release an immutable desktop OS, I’d try it.
Add comment