5 reasons to switch to an immutable Linux distro today - and which to try first

Immutable Linux distros are getting more popular. Here's why they matter.

This is the single most important aspect of immutable distributions. Because the core of the system is mounted in read-only mode, it cannot be changed. With the core system locked down as read-only, it's not possible to change settings in directories like /etc, /boot, /dev, /proc, or other critical locations. That means if you wound up with malware on your system, it wouldn't be able to alter the contents of those directories.
Because of this, immutable distributions are more reliable than non-immutable. Even better, if you accidentally break something, it will most likely be fixed during the next reboot.
Atomic updates are quite different from standard updates. Instead of the OS treating an update on a package-by-package basis, it's an all-or-none situation. In other words, if an update to a single package would break something, the update will not happen and the system rolls back to the previous working state.
You get the same by setting up btrfs snapshots with any regular distro...
With an immutable system, you are always guaranteed to have a bootable system.
Wonder if that issue applies to systems using bootc. rpm-ostree is still involved AFAIK but not for booting.
I got a new PC a couple months ago, mostly for gaming, and I knew I wanted an immutable distro after hearing about the immutable gaming distros. I went with Kinoite since I have plenty of daily driver stuff I still need to do.
So far, the only big issue I've had was figuring out a way to access apps and a desktop for work that I could only get access with the Windows RDP client and a smart card. Eventually, after a lot of digging through docs I was able to work it out by setting up a Windows VM jump box in Virtual Machine Manager with a few additional command line arguments.
Otherwise, no issues at all. The most tweaking I've had to do to launch a game so far was picking a different version of Proton.
What's a "jump box?"
Like a "stepping stone," a machine that's mainly used to connect to something else.
Bazzite has been my main driver for months and other than a rocky start involving video encoding it's been a dream. Bluefin has been fine, but some of the "batteries included" stuff would've been better left out entirely.
Trying to do more things inside of a container has been a challenge but it's a challenge I'm willing to accept. I personally think the headaches of integrating container processes with host processes are preferable to the headaches of tweaking files under /etc or leaving artifacts of configuration and old programs all across my filesystem.
I recently got a new desktop and decided to try something immutable for the first time. At the suggestion of a coworker, I went for Bazzite.
The install process was pretty simple; there were a few differences, but I expected that. For example, my desktop is a client of my NFS server and I'm accustomed to accessing the share through a directory immediately under root. Can't have that here. Presumably I could find a way to do that if it were necessary, but I just mounted it elsewhere.
Also, I like Cinnamon and was disappointed to find it wasn't simply available. However, it's been at least 12 years since I used any form of KDE and it's certainly improved a lot since then. I can get over that for now.
Those things settled, I set up all of my various accounts, ran a system update and rebooted just to bring everything in sync, as I would with any new install.
On coming back up, I could not launch steam; clicking the taskbar icon, clicking the start menu icon and manually attempting to launch from both the terminal and run prompt all returned the same error: steam not found.
I did some research and found a script entitled "fix-steam-reset" or something like that. I ran it and it did indeed appear to fix steam, even opening the main window when the script finished. However, when I closed that window and tried to launch steam manually through any of the other methods I mentioned, I got "you are not authorized to run this command."
I'm sure I messed up something - maybe I'm not supposed to run system updates manually or something? - and that it could have been recovered from where I left it, but it wasn't a great first UX for a distro that touts its own simplicity.
In the end I switched back to my old workhorse, Fedora, and have been very pleased with my machine.
I get it. I recently switched to NixOS from Arch and I absolutely love it. I would routinely go buck wild with Arch and eventually my system would just be populated with garbage or half assed things that I never bothered to fix. With Nix I don't have that choice. If I fuck around with the config well then it's not rebuilding and I need to actually fix it. It prevents me from breaking my system. If I do somehow manage to break something then I can instantly roll back from the grub OR just retrieve a backup copy of my config which I keep on my server backup and my private git instance. Just have to git clone it.
So I was once one of those anti-immutable people but now I get it and I love it.
Thanks for understanding! We work with an immutable system at my office and it's fine, I just don't see the need for it on my desktop (yet). Next time I replace any of my server hardware (or otherwise reformat) I expect I'll go immutable.
Thanks!
This is a very misinformed "article" 😂
In what way? Any claims of it being unbreakable or rock solid are obviously hype because nobody can guarantee that about any computer. Otherwise I don't think it's misinformed.
Seriously? Number 1-4 are just outright stupid claims, or misguided explanations at best. I especially laughed at the "system being in read-only mode" stupidity. WTF do you think EVERY SINGLE Unix-like system has configured, world writable everything?
Just what a stupid thing to claim:
The atomic updates bit is also pretty stupid, since that's literally just a process difference, and unless you're running a stock base image (which almost nobody generally is), then you're not getting full atomic updates globally on your system, and certainly claiming they have no problems is dumb as hell. They then try and point out that NOT being able to update a single application is some sort of benefit, which, hey...maybe that's subjective, but it's outright just a dumb claim.
Lastly, there's a claim in there that seems to sound something like it's normally a battlefield amongst running applications on a non-immutable system, and that somehow there is problematic interaction between programs which is, again, false and ignorant. I don't even need to deep dive on how misinformed this is, but THEN they take it a step deeper and do one of these idiotic things these uninformed "tech writers" like to do and give this old chestnut: "THANKS TO CONTAINERIZATION"...
HOLEEE SHIT. I DID NOT KNOW THAT CONTAINERZ WERE OTHERWISE NOT CAPABLE OF RUNNING ON OTHER SYSTEMS ZOMAGEE. It's almost an equally stupid claim as the security bit, and has absolutely nothing to do with immutable distros. Writing "because you're forced to use containers" doesn't ring like a feature, so of course they're going to phrase it the other way. The point is that it's not some feature of immutable distro, just a thing that exists everywhere. Has absolutely nothing to do with the feature set of what they're trying to write about.
Just dumb.
i've moved to immutable systems for my home server (OpenSUSE MicroOS) and for my wife (Kalpa.)
i tried it on my personal machine, but i still need more flexibility to get things just the way i like them, so i stick with EndeavourOS (arch-based.)
It seems like a lot of people in the thread here are using immutable distros as a way to not have to deal with cleanup after uninstalling programs, but other than that it seems that the article is questionable at best? I'm new to this immutable distro thing so I'm curious how many people actually use immutable distros for other reasons than above. To me it seems to be unnecessarily locking down your machine.
Apparently it's supposed to be harder to bork than regular distros.
But, really, how frequently does a normal user bork their system?
I've been using Linux since 2004 and I can't remember the last time (if any) that I irrecoverably borked the system.
I use arch, mint and Fedora. Repositories in those three are solid.
Yes, immutable systems have their uses. Mostly enterprise uses but for home? Only out of curiosity.
Immutable systems rely heavily on Flatpak because the universal installer sandboxes an installed application
They are also all Fedora based so far. Can you install from tar.gz into home directory?
Installing development libraries, whether bleeding edge nightlies, or just slightly obscure, often requires write access to some of the key folders. Does that get difficult?
Non-Fedora-based immutable distros:
Installing development libraries, whether bleeding edge nightlies, or just slightly obscure, often requires write access to some of the key folders. Does that get difficult?
Nope if you do it in containers. In case of Bazzite, you have podman/distrobox/toolbox, and this particular thing you'd usually want to do in distrobox, which is going to be easier/faster than going full general docker/podman container route. It usually goes like this:
    distrobox create -n ubuntubox -i ubuntu:20.04
    distrobox enter ubuntubox
    sudo apt-get install mydevlibraries
    ...
I think you are saying that distrobox on a Fedora-based system can create an Ubuntu/Mint/whatever "subsystem" and inside that distrobox it is as though you were in an Ubuntu/apt environment?
You'd do most of that stuff inside a container (Distrobox probably). You'd basically have a "clean OS" to start with (doesn't have to be the same OS as the host even) and install your libraries like normal. Distrobox does a good job of integrating with the host so you mostly won't know you're in a container. It's not perfect though, and if you have little experience with containers you'll definitely have a hard time doing what you need to.
ZDNET's key takeaways
A very hard sell, all positive, shill work.
+++++++++++++++++++++++++++++++
Security is great on Linux, You don't this on a desktop distro.
reliability is great on Linux, You don't this it on a desktop distro.
I have been using Linux for 20 years and never borked anything.
This includes distros: Kali, ParrotOS, Debian, Linux Mint, Ubuntu, Manjaro, Arch, Archman, BlackArch, Endeavour, Raspberry Pi, Sparky Linux and the old ArcoLinux, on and on.
sounds more like Android's A/B partitioning system. and look how delicate that is
apt, npm, AUR, pamac and pacman etc, have been working great for years,
never had a package break! at install.
Suitable for experienced users and lazy bastards.
With an immutable system, you are always guaranteed to have a bootable system. The updates for an immutable system have been well-tested by the developers, which means the updates are easily reproducible
All those shitty updates I installed over 20 years, none failed, and all the updates had been tested by the developers.
and more and more reasons not to go with immutability
too much hard sell
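
A way to test the read-only claim debated in this thread on your own machine, as an added example that is not from the article or from any commenter: `mount_mode` reads a mount table and reports whether the filesystem covering a path is mounted `ro` or `rw`. The function names and the sample table are constructed for illustration; the table is not taken from a real host or a particular distro.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mounts format (not from a real host).
sample_mounts() {
cat <<'EOF'
/dev/sda3 / ext4 rw,relatime 0 0
/dev/sda3 /usr ext4 ro,relatime 0 0
/dev/sda3 /etc ext4 rw,relatime 0 0
/dev/sda2 /boot ext4 rw,relatime 0 0
/dev/sda2 /boot ext4 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

# mount_mode PATH [MOUNTS_FILE]
# Prints "ro" or "rw" for the mount that covers PATH: the longest matching
# mount point wins, and a later entry on the same mount point overrides an
# earlier one. Mount points containing spaces (\040 escapes) are not handled.
mount_mode() {
    awk -v p="$1" '
        {
            mp = $2
            # Match on whole path components so /usr does not cover /usrlocal.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) {
                    best = length(mp)
                    mode = "rw"
                    n = split($4, opt, ",")
                    for (i = 1; i <= n; i++) if (opt[i] == "ro") mode = "ro"
                }
            }
        }
        END { if (mode == "") exit 1; print mode }
    ' "${2:-/proc/self/mounts}"
}

# Demo on the constructed table; drop the second argument to audit the live system.
tmp=$(mktemp)
sample_mounts > "$tmp"
for p in /usr/bin /etc/passwd /boot/vmlinuz /usrlocal/tool /tmp/x; do
    printf '%-16s %s\n' "$p" "$(mount_mode "$p" "$tmp")"
done
rm -f "$tmp"
```

The `ro` flag describes how the filesystem is mounted right now; on its own it does not show that a privileged process is unable to remount it read-write.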