I loved your video. What about the reproducible build distros? NixOS and GuixSD? I know you have NixOS but it would be cool if you talked about GuixSD and did a comparison between them.
Here's a small correction: NixOS doesn't necessarily require reboots to apply configurations (or update the system). `nixos-rebuild boot` makes the updated config available from the next boot onwards, whereas `nixos-rebuild switch` makes those changes take place right away.
I trust Vanilla OS, PikaOS, Fedora immutable spins and Endless OS more than NixOS. They are easier for me to work on. I'm a Fedora Linux user. So I don't want NixOS.
I like the NixOS concept, but I want to have a working ISO image on disk (offline/locally) to be able to install it whenever I need without relying on the internet all the time. Is there an easy way to do it with NixOS using a config file? I use Fedora Kinoite now, and I like it, can't go back to mutable distros ever.
One thing not mentioned here--in many cases, you can start with a base image and then apply a set of changes to customize your configuration. If you put those changes on a git server, then you now have a versioned record of everything you've done to configure your system. This is of course excellent for reproducibility, but it's also great for experimentation. You can try things out with complete security because if something goes wrong, you can simply revert your changes. I initially tried this out with universal blue, which provides support for customizing fedora silverblue, but then I switched to NixOS, which is really ideal for reproducibility + risk-free experimentation.
Yeah, this is precisely what attracts me to this concept of distros built from declarative configuration files. I have had to keep notes manually about what apps to install, what config changes to make, etc. for whenever I switch computers or refresh my OS. In fact, I have one such document for Linux, one for Firefox (fortunately these days most stuff is synced), one for Android, etc. There are way too many systems and apps that can be tweaked, extended and customized, and keeping track of all the changes is a never-ending challenge. Sometimes even distro upgrades mess up a lot of such tweaks one accumulates over the years, often as the sum of experiments that happened to stick (so without planning and without documentation). Having a distro where the only way changes can be made is precisely through such a documented, explicitly recorded system would be a wonderful way to reduce the amount of manual bookkeeping I have to do to keep my systems working as intended as circumstances change.
macOS is already doing this sort of thing on mainstream desktops with the introduction of the sealed system volume, so I think immutable distros probably can be made fairly seamless for regular users, so I do think the norm will move in that direction in the coming years
en.wikipedia.org/wiki/System_Integrity_Protection for reference. BSD and Linux have had variations on this feature for quite some time. I think Mac users are less affected because MacOS came with a hierarchy of /System /Library ~/Library that already allowed one to install system-wide (/Library) and user level files without putting things in /System well before they added SIP.
I advise you all to watch the talks of Richard Brown, a developer at SUSE who is also the creator of openSUSE MicroOS, an immutable variant. He did a talk called "Why you should be running the MicroOS Desktop", where he explains why he considers MicroOS to be the "best" distribution; he still acknowledges the various disadvantages it can have and the problems that an immutable system still needs to resolve.
An "immutable" OS is very appealing to me as someone who regularly runs new and unknown software on their daily driver. I always keep a drive image as a backup, but I'd rather avoid the hassle in the first place! Plus the payload may already have gotten inside the image... and the one before that, and the one before that... 😅
I bet 10 bucks that Apple would do the same thing and sell it as a "security update" while all they would do is charge you extra to let you keep your files after a reboot.
I use Fedora Kinoite and I love it. I love the immutable base and I'm used to working with containers. Kinoite makes it easy for me to keep track of what I installed on the base system and therefore keeps my system clean. If I wanna test something: spawn a podman container and delete the container after testing. Upgrading to a new version of Fedora is also extremely safe. If, let's say, you upgrade from version 38 to 39 you can roll back if something doesn't work properly in the new version. So having a bleeding edge system with this safety net is the perfect combination.
What I don't really get is why you don't just use "normal" Fedora and install your apps in a podman container or just as Flatpaks? So you have the best of both worlds. You can change your system if you want to but at the same time you can be sure that your libraries / dependencies aren't going to get bricked by some updates or new apps that you installed. So what do you gain besides not being able to change your system to your liking or just by layering the packages onto the main system? Nick's conclusion is exactly the way I see it too.
@vaisakh_km No. Having a container running doesn't take resources in itself. If no applications run in the container it won't take any resources just by being started. I think what you are referring to here is virtual machines: those take resources when they run.
We already do, this is pretty much exactly how modern Android works. Current phones ship with two system partitions, "Slot A" and "Slot B". Without root, both partitions are read-only. Apps are installed into an overlay file system which can work with either "slot". When you do a system update, it builds the updated system partition into whichever "slot" is not active, then marks that "slot" as active, and reboots. If your bootloader is unlocked, you can even manually select which "slot" to boot from.
@silverywingsagain I see now that there are some disadvantages. Usually in Android, the bootloader is locked and root is not always easy on every device. The companies can lock us out of their OS. Or is it our OS if we paid for it?
Immutable distros certainly have their momentum, and there is a niche for that approach, but I don't think the classic approach will be gone anytime soon.
In most cases, people should be rebooting any distro after updates. It's the only way to guarantee you're actually using all the new versions of apps & libraries. I've run into a lot of weird issues & instability, when I do not.
I wish every package manager did what zypper does and prompt you after an update to look at what all system components are actively running and are still using a now-deleted or overwritten version of a file. Being able to complete the update process != having the updates take effect.
I am using Ubuntu since what 14.04 or something (many, many, many years)? I barely ever restarted after applying the updates to my server and it always works...
@igordasunddas3377 The software stack of a server is typically not as complex as a desktop, and not interacted with nearly as frequently, thus you're far less likely to notice any issues. That said, you probably went many long periods with updated software on disk not being used, while the system keeps humming along with the old versions still loaded in memory, leaving your system potentially vulnerable.
@igordasunddas3377 It may work, but there will often be processes which are still running the old version. openSUSE tells you which processes need to be restarted, which makes it easier, but on distros that don't do that it's better to just reboot every time.
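Added example (not part of the original comments): the check the comments above describe, finding processes that still run code from files an update has already replaced on disk, can be done by reading `/proc/<pid>/maps`, where the kernel marks such mappings with ` (deleted)`. The function names, the ignore list and the sample maps text below are constructed for illustration; restricting the check to executable mappings is a choice made here, not how zypper implements it.

```python
import os

# Deleted mappings that are not replaced on-disk files (shared memory, memfd,
# device nodes). This ignore list is an assumption chosen for the example.
_IGNORE_PREFIXES = ("/memfd:", "/dev/", "/SYSV")
_DELETED = " (deleted)"


def stale_mappings(maps_text):
    """Return the sorted paths of executable mappings whose file is gone from disk.

    maps_text is the content of /proc/<pid>/maps. Each line has the fields
    "address perms offset dev inode pathname"; anonymous mappings have no
    pathname and are skipped.
    """
    stale = set()
    for line in maps_text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # anonymous mapping, no backing file
        perms, path = parts[1], parts[5]
        if not path.endswith(_DELETED):
            continue  # backing file is still the one on disk
        path = path[: -len(_DELETED)]
        if "x" not in perms:
            continue  # only report mapped code (binaries, shared libraries)
        if path.startswith(_IGNORE_PREFIXES):
            continue
        stale.add(path)
    return sorted(stale)


def scan_proc(proc_root="/proc"):
    """Map (pid, process name) -> stale files, for every readable process.

    Reading another user's maps file needs root; unreadable or already
    exited processes are skipped silently.
    """
    report = {}
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return report
    for entry in entries:
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "maps"), errors="replace") as fh:
                maps_text = fh.read()
            with open(os.path.join(base, "comm"), errors="replace") as fh:
                name = fh.read().strip()
        except OSError:
            continue
        stale = stale_mappings(maps_text)
        if stale:
            report[(int(entry), name)] = stale
    return report


# Constructed sample: an sshd process after libc and libcrypto were updated.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a2c000 r-xp 00002000 fd:01 393301 /usr/sbin/sshd
7f3a10000000-7f3a10195000 r-xp 00028000 fd:01 400112 /usr/lib64/libc.so.6 (deleted)
7f3a10400000-7f3a1045a000 r--p 00000000 fd:01 400113 /usr/lib64/libcrypto.so.3 (deleted)
7f3a10460000-7f3a106e0000 r-xp 0005a000 fd:01 400113 /usr/lib64/libcrypto.so.3 (deleted)
7f3a10800000-7f3a10801000 rw-s 00000000 00:01 2051 /memfd:scratch (deleted)
7f3a10900000-7f3a10921000 rw-p 00000000 00:00 0
7ffd3b1e0000-7ffd3b201000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print("sample:", stale_mappings(SAMPLE_MAPS))
    for (pid, name), files in sorted(scan_proc().items()):
        print(f"{pid:>7} {name:<20} {', '.join(files)}")
```

Any process listed is still executing the pre-update code until it is restarted, which is why a completed update does not by itself mean the fix is in effect.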
Immutable distros are a likely future for the average person. Most people using a computer have no need for the kind of power that a traditional distro provides. They wanna browse the web, send emails and maybe use office. They don't need or want to see the stuff under the hood and having them accidentally break something is a real risk. A risk that immutable systems don't have. Silverblue is something I wanna give a whirl for myself one day. It's looking like it's quite reliable to use on the daily. Steam OS is also very cool. I'm hoping Valve release generic ISOs for that soon. Also, you can update packages on Fedora without a reboot. Updating through the terminal using DNF will just apply the update, no rebooting required. It'll be fine most of the time. I just let Fedora update when I shut down my PC though, so the reboot option works fine for me.
NixOS is great, it's reproducible and doesn't make your computer a guess-the-state mess. It's also great for configuring multiple devices the exact same way.
macOS is immutable in some way too. The OS files themselves are on a “system volume” which is mounted as a read only snapshot that is recompiled when there’s an update. That means you can reinstall macOS without losing any user files and applications. And it’s VERY difficult for any malware to interfere with core system functionality. macOS switched to this with Big Sur with previous versions bringing CoW APFS and separate system and user volumes similar to LVM.
That's good and all, though having data, /home, etc as separate partition from root is not new but has long been quite common in the world of unix-like systems. I have a spare laptop that I use for testing various distros where the /home partition has sat through almost a dozen installs with zero problems. Edit: typo
@Sjoerd1993 Back when I used a jailbroken iPhone, the root partition was actually not immutable but completely R/W and persistent, and rooted Android is mostly persistent as well, at least for the /data section that cannot be accessed normally, though the system partition is non-persistent.
@szr8 That has not been the case for several years. I’d post links but YouTube…. If you search for “macOS signed system volume” you’ll find a number of Apple support documents about it as it has evolved over the last 3-4 years or thereabouts.
@Sjoerd1993 You can lock down Windows to do the same. Through Group Policy and AD.
My opinion on this, as someone who's still quite new to the Linux space, is that these would be good for less tech savvy people coming over to Linux. They put a focus on security and stability, and prioritise package managers over any other form of application installation. I think this is very valuable for people who don't really want to edit their system, and just want to be able to click about and do their work/home life. For people who want more control over their systems, asking them to use an immutable system would be a bit of a stretch. I'm thinking someone like my mum could use an immutable Linux as her home OS. She's very prone to breaking things by simply panicking and clicking the wrong things, and she's very good at finding the wrong stuff on the internet and getting viruses. Giving her an immutable system would help a lot, as she can't easily break the internals, and it gives her the stability and package security that she'd seriously benefit from. I think if these ironed out some of the more awkward workarounds that have to be done into more clean, easy solutions, immutable distributions could completely change the way the average computer user sees Linux
09:20 Just as a heads-up, you don't need root privileges to update your image, just `rpm-ostree upgrade` will do. Same is true for installing/layering new packages ;-)
So unless you are an advanced user, an Immutable Distro is just like a security/backup upgrade (the "immutable" reminds me of Kotlin). You just have to re-learn how to install & update a software/app, again from the beginning. Which can be easy or hell depending on YOU, the user.
I like the NixOS concept, but I want to have a working ISO image on disk (offline/locally) to be able to install it whenever I need without relying on the internet all the time. Is there an easy way to do it with NixOS using a config file? I use Fedora Kinoite now, and I like it, can't go back to mutable distros ever.
@themedleb I haven't tried but you could do a minimal base install from a Ventoy USB, copy your config and home files and rebuild. That would be pretty fast. If I understand your question.
@cjmoss51 As he's covered the other distros he talks about here in other videos. I was talking about the context in this particular video. I watched his NixOS video before I switched and his video contributed to my decision because he's a smart guy. He always asks for feedback and I think it was misleading to include NixOS with the other immutables.
The future is now for me since NixOS and openSUSE Kalpa are my daily drivers. Even my home lab server is an immutable operating system - openSUSE MicroOS.
Very clear explanation. Thanks. I've been lucky that since 1998 when I first installed Slackware to now (Linux Mint and Tuxedo OS) I've never managed to break my entire system.
Immutable Distros are perfect for people who just want to have a stable and secure system. I play around with openSUSE Kalpa (MicroOS alpha variant with KDE Plasma) in a VM and I really like it so far. I'm currently on Debian, but I could see me using it in the future. Tumbleweed is already a great stable rolling release but combined with the stability of an immutable system, would make it perfect.
Cool, didn't know Linux had this tech too. Our current Virtual Desktop farm (multi-user Windows Server) is built with the non-persistent principle. A small and clean golden image and the rest is added via app virtualization. Our future farm (W11/W12?) will use similar mechanisms. It's a bit of a learning curve in the beginning but we love the flexibility it gives us. I don't expect this to become a thing for personal users but maybe more for admins managing a lot of Linux desktops.
Can I ask how do you guys manage to share the GPU between multiple Virtual Desktops? All the enterprise solutions I found usually use NVIDIA GRID or don't share the GPU.
@tablettablete186 Hi, we actually have no apps that really require a GPU so it's not an issue for us. We never really checked out what's possible so I'm afraid I can't help you with this.
@tablettablete186 I think Windows's Hyper-V has a method for GPU virtualization even on regular consumer GPUs, and it performs pretty well. Don't know of anything similar for Linux hosts though (well, I do, but none that perform as well).
I'm using Debian Bookworm right now with an Arch distrobox container and it's honestly been a joy. Having the rolling release apps with the stability of Debian. There are some awkward funny side effects but if you are somewhat experienced with Linux it's pretty easy to overcome.
@jothain hahaha. I have all the slowness of LTS with all the instability of rolling release! Look upon my system in awe... Of how I thought this was a good idea... In all seriousness though, for my use case... I actually have Arch break less than when I ran an LTS distro...
@TheEclecticDyslexic Yeah. Like hilariously Ubuntu just borked with updates LTS version to remove GUI stuff or something, anyway making normal login impossible to desktop 🙂. Debian is insanely stable imo, but yeah in all fairness what I ran openSUSE rolling for quite awhile expecting something nasty to happen, it got boring. Would've kept it, but too many updates for my net connection. Fedora was the same. There indeed are a plethora of good quite bleeding edge distros around.
In Linux you reboot only when system libraries are updated. Basically when there's a kernel update. If something from your desktop is updated, you just need to log out and log back in. For some apps you just restart them. This might seem overwhelming for some so some distros opt to request a full system restart.
My dad, who turns 83 this year, has an old laptop where Windows was the OS. I made him switch to Linux and an immutable system was the way to go, although I didn't. He lives a ways away but next time I see him I'm installing an immutable system on his laptop. This is great for companies using Linux as well. Haven't tried the distros myself but I do see the benefits of them and that the user won't mess things up as easily, whether it's for me I don't know, I'm fine with the way things are on my system.
Sorry, but end-users probably are the LAST group of people with the ability to mess anything up on linux (not like they'll be able to su or sudo, and if they're jailed it shouldn't have been a problem anyway)...so if you think you need it to any users: it's yourself as the admin you _really_ fear messing everything up.
@DxBlack Guess you're right but I can't count the number of times my dad has messed something up on his PC, he's a tinkerer and always has been. Anyway I don't think it can hurt him in any way and if something was to go awry I get a chance to tinker myself 🙂
If everything actually works in the immutable distro (remote file sharing, sleep mode, Bluetooth, etc...) I could see them being better for a casual user like myself. My last attempt to use Linux on my daily desktop was an utter failure of a system going into a coma whenever it went to sleep. Of course, I'm still waiting for native HDR support before I try Linux again.
The best immutable linux distro is a Linux Live disk on a read only CD Rom, which Linux Mint no longer supports, perhaps someday Chrome OS will, which would be a pretty secure distro.
ChromeOS sticks make perfect sense. Compared to setting things up, signing in to a Google account doesn't take that long and you can have stuff linked to say Google Drive instead of local storage. Just plug in to any system, enter network credentials and sign in.
Interesting to see that Vanilla OS is in the process of rebasing from Ubuntu to Debian. Hopefully Linux Mint does the same soon (despite Clement Lefebvre's diplomatic statements about wanting to maintain a healthy working relationship with Canonical)....
They are gold for true Linux noobs. I remember playing with Ubuntu 10 years ago and the distro throughout years of trying different versions and updates after while would have the gui fail to launch. The Bluetooth would break. The same WIFI that I had used to download the update would not work after the update. Even now my HDR display would probably be useless on most distros. So far I have been using the steam deck to play Dragon Age Origins, and since cloud save doesn't work I've been using the Steam Deck as my main computer for about a month. Firefox does not full screen properly in game mode, and Chrome crashes pretty often, but the reboots are reasonably quick. HDR randomly turning off has been the only other draw back. I haven't noticed anything that would have let me know that it was immutable as I am probably the target audience for the Steam Deck. Oh, and the HDR fix is super simple, just turn it off and back on in settings then it works for a long time, not sure how long, I am not sure that issue happened more than one time or not. Either way it is seemingly acceptable. Would be nice if they made playing a walk-through while playing a game a little easier, but even that isn't that hard. Alt-tab would be nice though. No major complaints.
Immutable is the Android cognate of Linux. It's great for business usage, and for stable usage for things like Multi-Media creation workstations in corporate environments, and they're also great for newbies who are not only un-tech-savvy, but don't know what Linux is about, and don't want a geek to babysit them so they don't break their install every few hours.
After 13-15 years of messing with Linux, I consider myself on the cusp of being an intermediate user (but still far away). I say that, because I can see that something like this would keep beginners from breaking their distro so easily. Problem is that it doesn't sound user friendly. Besides, you learn more about your system when you break it (hopefully by accident) and then try to fix it. Then there's the core concept of Linux (at least as I perceive it): the freedom to make it entirely your own. I don't see how an immutable Linux distro affords that ability.
My father, a lifelong MS-DOS and Windows user, learned Linux in his final years - on Mint, as it happens. Age is only a number, as they say. I fully feel you on committing to what works, but never lose that human spirit of curiosity!
Silverblue user here... for the last year. According to Matt from Fedora... they ARE the future for Fedora. The benefits way surpass the issues.
Re: updates - this is a feature that even some non-immutable distros like Garuda have as well thanks to full btrfs use. On Garuda in particular, btrfs snapshots are created every time “pacman -Syu” is run and every snapshot is added to your GRUB menu, so if some update breaks your system, just boot into an old snapshot and you’ll be prompted to restore it when it’s fully booted.
Immutable distros sure look like an interesting approach for servers or systems that need to be super duper stable. But right now I'm good with Debian testing (even if I sometimes want newer packages earlier...). Thank you for showing us what they can do!
Latest Elive Linux has that covered in a nice way. On boot you can choose to boot in your standard system or into their so-called "impermutable" system. The latter allows everything the normal system would, except that all changes will be lost after a reboot. It's great for testing intricate stuff that could break your system. 😇
Thanks for this overview on immutable distros, Nick. I actually considered to put BlendOS onto a ThinkPad I would use exclusively for work but the handling of updates and stuff still feels weird to me. Maybe sticking with openSuSE Leap and snapshots is the smarter approach here? I don't know. But I like the concept a lot, especially since both BlendOS and VanillaOS try to get rid of the issue of where to obtain packages from since that's still an issue with say Arch having patches and changes Ubuntu users have no access to even with PPAs. At least flatpak compensates for that already a bit.
Great video! I am wondering if running another distro inside the container of an immutable distro works better than virtual machines? It could be a good thing to check out other distros without having to reinstall the OS from scratch every time for bare metal vs possible limitations in VMs. I also think in some cases, tinkering with distros inside a container could provide more security. At some point I want to take the time to learn Arch and it's nice to know that if I break Arch, I still have a secure functioning OS where I can still do my daily tasks.
It doesn't really work like that. If you start an Arch container for example, this is one command to create it, another command to start it. Then you just install any packages you want and start those programs. You don't ever install or use the desktop that comes with Arch. You won't do much in terms of configuration or customisation. It is awesome but not even close to the full installation experience.
I was hoping you would say you hardly need to reboot at all, just rebooting the overlay userland. Or did you say the appliance type ones can have v high uptime? I use KBOOT/exec to restart my box without going to BIOS
Thank you for this informative tutorial presentation. I did try an immutable (Silverblue), but was stuck since the extra programs I needed were not available as Flatpaks or within containers. I guess I am one year too early to be an immutable system user. I am a Fedora 38 user, and from day zero to today (4.5 months), I have had zero issues. Perhaps it is because of the btrfs file system, or my being the sole user of my desktop system. I have not ever needed to roll back any software I downloaded, but who knows about the future.
Hello, Good to hear that Fedora works great for you. Which software did you miss in containers? It should all be there, only the core components of your OS cannot come from within a container. But I have to admit that it is not trivial to work with containers, at least right now. I think that is something that needs and will improve in the upcoming years
@matthiasbendewald1803 It did not work for me. I have 4 other partitions that I have and wanted to add to /etc/fstab, to be mounted at time of system boot but ... I then received information explaining how to add to the immutable /etc/fstab. So, I have an updated /etc/fstab and all is well.
My Development folders are shared across 5 distros on the same system. Each distro has its own boot drive, and all share a /Development, a /LinuxStuff, a /temp and /Backup. Each Devt system has its own /home. For now, Silverblue is not for me, (I think).
Following one of your previous videos, I tried NixOS as my desktop. I like what it's trying to do. But I had a show-stopper. KDESVN is something I use/rely-on. NixOS doesn't include it in its KDE packages build. So I went down a several-day rabbit hole of trying to build it myself. I'm a retired software engineer, so not particularly bothered by the idea of building an app from sources. But after several days of banging my head against different brick walls in NixOS, I gave up. NixOS trades something I didn't know I needed for something that I did need.
I've done something similar to this (the hard way) for years. I do all my banking on a VM that is itself as locked down and isolated as possible. Every time I use it, I revert it to its previous state. It's also on its own disk, and I cut power to it when it's not in use via an honest-to-goodness toggle switch (not a momentary switch). These new immutable distributions sound like they could take some of this manual effort out of my hands!
Tried Fedora Kinoite a few weeks ago. The first flatpak program I installed wouldn't run because of missing dependencies in the OS. The FIRST! 😂 Installed regular fedora workstation and decided to postpone immutable experiments for a while...
A nice way to put it is: Traditional Linux distros are a distribution of packages that are managed by a.......package manager. "Immutable" Linux distros are a distribution of an operating system image on top of which you can install additional software.
Was Windows XP Embedded not an immutable OS? (Today Windows IoT.) You needed to set up the OS to deploy with specialized tooling for OEM, then it was set up on target HW, where it had an immutable partition, and the rest was reset at reboot or by command.
I don't think this will be the future for everyone, but it's amazing for enterprise and beginners. I'm honestly excited for what this tech can do for Linux on mobile.
I’m actually using a semi-immutable OS right now. There’s a command to remove the immutableness and the home doesn’t get wiped; updating wipes changes, but it’s convenient for a gaming-focused “just works” PC.
Actually these immutable distros remind me of no-root Docker containers. We even had an enterprise Kubernetes cluster which enforced using only non-root images. I think they are quite common as server machine images as well.
In all honesty, for me immutable distros have been being the present (in the form of OSTree-based Fedora’s Universal Blue Kinoite and Sericea) for the last almost two years…
I use NixOS, but I actually use a tmpfs as rootfs, to guarantee that there are no changes to the filesystem which aren't specified in the config. On boot, it then bind mounts and symlinks paths which should be persisted, as well as some paths which can't be in the nix store, into place. BTW even my home directory is on the tmpfs. I just persist the XDG directories (Documents, Downloads, etc.) + some more, and the rest gets thrown away at reboot. Helps keep the number of dotfiles low.
I don't think these things will replace conventional distros for users who want to get into the entrails of their systems, but I think they might be good for people who want a reliable computer for doing their work and living their life with (I'm one of those). I've had a brief play with two immutables: Kinoite, because it was the only way I could do an install of Plasma v. 6.0 to try it out (I always seem to have problems with KDE/Plasma), and Endless OS. Both seem nice calm systems, and Endless, though still with a big education focus, now has a default interface designed for adults. I have a friend who's bright but definitely not tech oriented, and I'm beginning to think that Endless might be rather good for her. As I understand it, updating is like updating the OS on your phone, and lots of people are happy enough with that. And Flatpak works fine for non-technical software. These could be just the thing if there really is a surge of refugees from Microsoft.
These Immutable systems sound very cool and I wish I could adopt it. But in no way I'm going to jump into this rabbit hole of again trying to learn how to do basic stuff. Things should be easy and the user should be able to do it in a couple of clicks.
Can I install an immutable OS on a multi-boot configuration (separate partition)? I currently use rEFInd and alternate between 3 OS's on one partition. I would want to be able to add say NixOS to another partition and use rEFInd to boot to that immutable NixOS whenever I want.
I just worked out how to set up a second drive as my /home folder by editing the fstab configuration file. I guess I won’t be able to do that in an immutable distro?
This sounds a lot like a live Linux environment with a persistence “overlay” - this allows you to have read/write access to the whole OS while keeping the base OS image.
I used nix for 2 years + . Had to use the rollback for some reason my pc don't like the stable kernel. So happy it works this good and even with ext4 and not forcing btrfs on you. Even tho i liked using that it wears more 'the filesystem' . The minus side, is that you need to "collect your garbage" and it will take large amount of space on your drive (the old generations) :)
It's never "one size fits all" or one way of doing things that fits everyone's needs. Immutable distros show off the power of Linux in what they bring to the table for those who want those things...and like all things Linux, they're just an option.
I love a lot about the idea of immutable distros. Having my computer work like a fresh install all the time sounds great. But I worry that they give too much control to the distro makers. It feels like a step towards walled garden ecosystems. And I do quite strongly oppose that.
Immutable systems are inspired by how smartphone operating systems are already image-based. If you can deal with the whole OS as a single image, Secure Boot (or a future technology like it) becomes way more powerful. Antivirus software, while practically unnecessary now on Linux, will offer even less benefit on an immutable system because you can just restore the device with a reboot. Overall, I’m on board with the idea of immutable systems, but there is still enough to tinker with (e.g., graphics drivers doing funky things) to make these systems undesirable to large segments of the community.
Currently on VanillaOS and it is a blast, at least for me who is using Linux mainly as an everyday machine rather than a workstation. It is something I can see preinstalled on devices in the near future and I hope they can pull all of their goals off. Their premise is great and I love what they accomplished, hopefully OS 2 will turn out even better than the first one. Thanks for the video on this topic!
@Skelterbane69 You can’t, they have intentions to at least bring KDE into the mix but currently only GNOME. If you look for another immutable, more friendly distro, Silverblue/Kinoite especially with ublue and BlendOS are great too.
I've installed Silverblue simply because I need something that I can always count on working for my school laptop. Too many times have I created bigger issues trying to solve little ones.
QubesOS has done this for many years. There is a template image that is immutable when the app image VM based on it is booted. All changes are discarded after reboot except some whitelisted directories like the user directory or Docker image cache.
I can see immutable desktops being used by companies that need to maintain consistency throughout their user base. I can see something like NixOS being used because it can rebuild itself after each reboot.
Haiku is kinda-immutable too, but has an interesting scheme. The base system is distributed in the same .hpkg packages as regular software, and .hpkgs never unpack, but mount on boot kinda like Snaps but without cluttering the mount list. To install a package, you don't even really need to use a package manager, you can just copy the package into /system/packages/. You can also install a package per-user, by copying it into ~/config/packages/, but this has no use as of right now, since the OS is single-user in R1.
I pretty much think that immutable distros are much better for enterprise workstations. It makes the work of the IT guys much easier since it is already locked down. Normal distro is still the best for home workstation....
I run Silverblue on my daily driver and am super happy with it. I wonder what other immutable OS'es people actually run (or tried) and what they think of it.
ok but the obvious question, do you get to get rid of the old system images or no? because i would imagine immutable linux would fill up your drive very quickly, just like the rollback feature on other OS'..
If this system can be ironed-out to make it more user-friendly, then like universal packaging it could be another step towards catching up to Windows' market share
The question of how updates are handled (need reboot before applying or not) can be very different, depending on *how often* the distro gets updates. Fedora installs updates after reboot, which I would be almost okay with... if it didn't get updates pretty much *every day*! Getting daily updates means you need to have a quiet, background, no-hassle update mechanism that interferes with your workflow as little as possible - a case for no-reboot-required *points to traditional distros*. If system updates are rather a bi-weekly to monthly phenomenon (which I would prefer), then requiring a reboot can be okay. Likewise, if we install, remove and configure stuff a lot, having to reboot each time is a big hassle. If you set up a laptop for your old relative who only ever uses the same three apps, the immutability will probably be a boon.
I think the idea is that you reboot to your updated system once you're done with the PC for the day (or if you're the type to turn the PC off when you go sleep it'll boot into the newly updated system when you turn it on next). Poke around universal blue and the youtube videos of one of the guys behind it (which you can find on its website)
I had installed Silverblue on my second laptop. It worked fine for the most part; however, there were things I hadn't been able to do till this date, like use CUDA with PyTorch inside toolbox.
A read-only /usr isn't a new development at all. Mounting it over a network and updating | installing new software out of band was supposedly quite common in the past decades. The goal was to share it among whole fleets of computers, which is arguably what image-based distros are trying to achieve now, just without network storage.
I honestly think immutable OSes are better for new users and most intermediate users. The added stability, the ease of using flatpak and flathub as your single packaging system, not being allowed to screw up your system. All of these benefit newer users. I do think the concept of immutability goes against the idea of a free and open system. But it seems like a better way of doing things for a lot of people. This is why I main Nix.
what happens if you want to blacklist drivers or change some power settings, etc. I have edited boot files and others to make fedora 38 run nvidia. if a distro is immutable, how to make system changes for certain hardware, etc.
Isn't booting from some read only media with scratch/storage something that's been an option for, well a very very long time? This sounds also a lot like something Windows has had as an option since windows 8 (not 8.1, just 8) called wimboot. The operating system being written to a single compressed read only file decompressed on the fly at runtime and then updates to it are overlayed on that. I think it just lacks the ability to easily and seamlessly roll back the updates if they fail or to restore the system to original installation state.
Could you call her things like: using video editors with Linux, streaming with Linux and especially using Linux as storage servers and NAS like symbology.
They're not "immutable" per se, but the point of e.g. a Dockerfile is that the created image will always be the same, so at the start it has the same effect.
Absolutely. That's why Fedora CoreOS/IoT and OpenSUSE MicroOS exist. They're basically boot loaders for docker/podman images. I believe they're gaining a lot of traction in the server world.
Of course it's secure! It is always about security. You can't have a text editor without it self-updating and informing distributor about how secure your personal files have become. "Here's the list of those: ..."
I loved your video.
What about the reproducible build distros? NixOS and GuixSD?
I know you have NixOS but would be cool if you talk about GuixSD and a comparison between them
I don’t see this being the future for me as I like the idea of updating my apps and directly doing things
KIOSK.
Here's a small correction- Nixos doesn't necessarily require reboots to apply configurations (or update the system).
nixos-rebuild boot makes the updated config available from the next boot onwards, whereas nixos-rebuild switch makes those changes take place right away.
I trust Vanilla OS, Pika OS, Fedora immutable spins, and Endless OS more than NixOS. They are easier for me to work on. I'm a Fedora Linux user. So I don't want NixOS.
Yes, and in Fedora Silverblue same can be done with the terminal option/command apply-live
seems like many youtubers make this mistake 😅
I like the NixOS concept, but I want to have a working ISO image on disk (offline/locally) to be able to install it whenever I need without relying on the internet all the time. Is there an easy way to do it with NixOS using a config file? I use Fedora Kinoite now, and I like it, can't go back to mutable distros ever.
openSUSE Aeon (was MicroOS Desktop) also comes with the option to directly apply changes in the running system. It is not advised to do so, though...
“Are the future of Linux?”
Edit: This mistake in the title has since been corrected.
Dammit
huh ?
@@siliconhawk I think it was about the title
@@siliconhawk it was a mistake in the title that has since been corrected.
oh okay then thx @@WilburJaywright
One thing not mentioned here--in many cases, you can start with a base image and then apply a set of changes to customize your configuration. If you put those changes on a git server, then you now have a versioned record of everything you've done to configure your system. This is of course excellent for reproducibility, but it's also great for experimentation. You can try things out with complete security because if something goes wrong, you can simply revert your changes.
I initially tried this out with universal blue, which provides support for customizing fedora silverblue, but then I switched to NixOS, which is really ideal for reproducibility + risk-free experimentation.
Yeah, this is precisely what attracts me to this concept of distros built from declarative configuration files. I have had to keep notes manually about what apps to install, what config changes to make, etc. for whenever I switch computers or refresh my OS. In fact, I have one such document for Linux, one for Firefox (fortunately these days most stuff is synced), one for Android, etc. There are way too many systems and apps that can be tweaked, extended and customized, and keeping track of all the changes is a never-ending challenge. Sometimes even distro upgrades mess up a lot of such tweaks one accumulates over the years, often as the sum of experiments that happened to stick (so without planning and without documentation). Having a distro where the only way changes can be made is precisely through such a documented, explicitly recorded system would be a wonderful way to reduce the amount of manual bookkeeping I have to do to keep my systems working as intended as circumstances change.
macOS is already doing this sort of thing on mainstream desktops with the introduction of the sealed system volume, so I think immutable distros probably can be made fairly seamless for regular users, so I do think the norm will move in that direction in the coming years
en.wikipedia.org/wiki/System_Integrity_Protection for reference. BSD and Linux have had variations on this feature for quite some time. I think Mac users are less affected because MacOS came with a hierarchy of /System /Library ~/Library that already allowed one to install system-wide (/Library) and user level files without putting things in /System well before they added SIP.
@@jasonkenney2231 a link in a youtube comments section? how?
I advise you all to watch the talks of Richard Brown, a developer at SUSE who is also the creator of openSUSE MicroOS, an immutable variant.
He did a talk called "Why you should be running the MicroOS Desktop", where he explains why he considers MicroOS to be the "best" distribution; he still acknowledges the various disadvantages it can have and the problems that an immutable system still needs to resolve.
Are you saying that Dick Brown created MicroOS?
@@GuyonthePhone I'm sorry but who is dick brown ?
Richard Brown is a distro architect at SUSE and created openSUSE Aeon (previously openSUSE MicroOS).
An "immutable" OS is very appealing to me as someone who regularly runs new and unknown software on their daily driver. I always keep a drive image as a backup, but I'd rather avoid the hassle in the first place!
Plus the payload may already have gotten inside the image... and the one before that, and the one before that... 😅
I bet 10 bucks that Apple would do the same thing and sell it as "security update" while all they would do is to charge you extra to let you keep your files after a reboot.
It already mostly is.
macOS already runs much like this.
macOS has already been doing it for a few years.
@@476429 yes, mostly; a few things can be done without an update, but it's not wrong, it's semi-immutable
Linux users try to go one second without bringing up Apple or Microsoft challenge (IMPOSSIBLE)
I use Fedora Kinoite and I love it. I love the immutable base and I'm used to working with containers. Kinoite makes it easy for me to keep track of what I installed on the base system and therefore keeps my system clean. If I wanna test something: spawn a podman container and delete the container after testing.
Upgrading to a new version of Fedora is also extremely safe. If, let's say, you upgrade from version 38 to 39, you can roll back if something doesn't work properly in the new version. So having a bleeding edge system with this safety net is the perfect combination.
Are immutable distros good for laptops? A lot of running containers will take up a lot of power, right?
What I don't really get is why you don't just use "normal" Fedora and install your apps in a podman container or just as flatpaks? So you have the best of both worlds. You can change your system if you want to, but at the same time you can be sure that your libraries / dependencies aren't going to get bricked by some updates or new apps that you installed. So what do you gain besides not being able to change your system to your liking or just by layering the packages onto the main system? Nick's conclusion is exactly the way I see it too.
@@vaisakh_km no. Having a container running doesn't take resources in itself. If no applications run in the container it won't take any resources just by being started. I think what you are referring to here is virtual machines: those take resources when they run.
@@vaisakh_km A container is not a VM.
I really like the idea of immutable distro. They have a lot of potential for the future. I hope we will have this for smartphone soon.
We already do, this is pretty much exactly how modern Android works. Current phones ship with two system partitions, "Slot A" and "Slot B". Without root, both partitions are read-only. Apps are installed into an overlay file system which can work with either "slot". When you do a system update, it builds the updated system partition into whichever "slot" is not active, then marks that "slot" as active, and reboots. If your bootloader is unlocked, you can even manually select which "slot" to boot from.
@@silverywingsagain I see now that there are some disadvantages. Usually in Android, the bootloader is locked and root is not always easy on every device. The companies can lock us out of their OS. Or it is our OS if we paid for it?
Immutable distros certainly have their momentum, and there is a niche for that approach, but i don't think the classic approach will be gone anytime soon.
I was gonna say; sounds cool, but what does it do for me as an everyday EndeavorOS user?
In most cases, people should be rebooting any distro after updates. It's the only way to guarantee you're actually using all the new versions of apps & libraries. I've run into a lot of weird issues & instability, when I do not.
I just update before I shut my pc off, before I go to bed.
Pretty simple.
I wish every package manager did what zypper does and prompt you after an update to look at what all system components are actively running and are still using a now-deleted or overwritten version of a file.
Being able to complete the update process != having the updates take effect.
I am using Ubuntu since what 14.04 or something (many, many, many years)? I barely ever restarted after applying the updates to my server and it always works...
@@igordasunddas3377 The software stack of a server is typically not as complex as a desktop, and not interacted with nearly as frequently, thus you're far less likely to notice any issues. That said, you probably went many long periods with updated software on disk not being used, while the system keeps humming along with the old versions still loaded in memory, leaving your system potentially vulnerable.
@@igordasunddas3377 it may work, but there will often be processes which are still running the old version. openSUSE tells you which processes need to be restarted, which makes it easier, but on distros that don't do that it's better to just reboot every time.
I don't know if this will take over regular Linux desktop, but this is probably the way for future linux mobile.
Immutable distros are a likely future for average person. Most people using a computer have no need for the kind of power that a traditional distro provides. They wanna browse the web, send emails and maybe use office. They don't need or want to see the stuff under the hood and having them accidentally break something is a real risk. A risk that immutable systems don't have.
Silverblue is something I wanna give a whirl for myself one day. It's looking like it's quite reliable to use on the daily. Steam OS is also very cool. I'm hoping Valve release generic ISOs for that soon.
Also, you can update packages on Fedora without a reboot. Updating through the terminal using DNF will just apply the update, no rebooting required. It'll be fine most of the time. I just let Fedora update when I shut down my PC though, so the reboot option works fine for me.
NixOS is great, it's reproducible and doesn't make your computer a guess-the-state mess.
It's also great for configuring multiple devices the exact same way.
Yeah Nix is wonderful
I really wanted to switch to it... But i am afraid whether it is another year long rabbit hole i am getting into...
I like the NixOS concept, but I want to have a working ISO image on disk (offline/locally) to be able to install it whenever I need without relying on the internet all the time. Is there an easy way to do it with NixOS using a config file? I use Fedora Kinoite now, and I like it, can't go back to mutable distros ever.
@@vaisakh_km This!
@@themedleb unfortunately not, NixOS needs internet to install packages and it has almost nothing by default.
macOS is immutable in some way too. The OS files themselves are on a “system volume” which is mounted as a read only snapshot that is recompiled when there’s an update. That means you can reinstall macOS without losing any user files and applications. And it’s VERY difficult for any malware to interfere with core system functionality. macOS switched to this with Big Sur with previous versions bringing CoW APFS and separate system and user volumes similar to LVM.
That's good and all, though having data, /home, etc as separate partition from root is not new but has long been quite common in the world of unix-like systems.
I have a spare laptop that I use for testing various distros where the /home partition has sat through almost a dozen installs with zero problems.
Edit: typo
MacOS, Android and iOS are all immutable. The only major OS that isn't is Microsoft Windows, and most Linux distros.
@@Sjoerd1993 Back when I used a jail broken iPhone, the root partition was actually not immutable but completely R/W and persistent, and rooted Android is mostly persistent as well, at least for the /data section that cannot be accessed normally, though the system partition is non persistent.
@@szr8 that has not been the case for several years. I’d post links but YouTube….
If you search for “macOS signed system volume” you’ll find a number of Apple support documents about it as it has evolved over the last 3-4 years or thereabouts.
@@Sjoerd1993 You can lock down Windows to do the same. Through Group Policy and AD.
My opinion on this, as someone who's still quite new to the Linux space, is that these would be good for less tech savvy people coming over to Linux. They put a focus on security and stability, and prioritise package managers over any other form of application installation. I think this is very valuable for people who don't really want to edit their system, and just want to be able to click about and do their work/home life. For people who want more control over their systems, asking them to use an immutable system would be a bit of a stretch.
I'm thinking someone like my mum could use an immutable Linux as her home OS. She's very prone to breaking things by simply panicking and clicking the wrong things, and she's very good at finding the wrong stuff on the internet and getting viruses. Giving her an immutable system would help a lot, as she can't easily break the internals, and it gives her the stability and package security that she'd seriously benefit from. I think if these ironed out some of the more awkward workarounds that have to be done into more clean, easy solutions, immutable distributions could completely change the way the average computer user sees Linux
09:20 Just as a heads-up, you don't need root privileges to update your image, just `rpm-ostree upgrade` will do. Same is true for installing/layering new packages ;-)
So unless you are advanced user, Immutable Distro is just like security/backup upgrade (the "immutable" reminds me of kotlin).
You just have to re-learn how to install & update a software/app, again from the beginning.. Which can be easy or hell depends on YOU, the user.
+1 for NixOS.
It's too bad you lumped it with the other immutables because it doesn't suffer the drawbacks you mentioned (except learning curve).
I like the NixOS concept, but I want to have a working ISO image on disk (offline/locally) to be able to install it whenever I need without relying on the internet all the time. Is there an easy way to do it with NixOS using a config file? I use Fedora Kinoite now, and I like it, can't go back to mutable distros ever.
@@themedleb I haven't tried but you could do a minimal base install from a ventoy USB, copy your config and home files and rebuild. That would be pretty fast. If I understand your question.
He has an entire video just on NixOS. He has definitely covered this.
@@cjmoss51 as he's covered the other distros he talks about here in other videos. I was talking about the context in this particular video. I watched his NixOS video before I switched and his video contributed to my decision because he's a smart guy. He always asks for feedback and I think it was misleading to include NixOS with the other immutables.
The future is now for me since Nixos and OpenSuse kalpa are my daily drivers. Even my home lab server is an immutable operating system - OpenSuse micro os.
Very clear explanation. Thanks. I've been lucky that since 1998 when I first installed Slackware to now (Linux Mint and Tuxedo OS) I've never managed to break my entire system.
Wow
Immutable Distros are perfect for people who just want to have a stable and secure system. I play around with OpenSuse Kalpa (MicroOs alpha variant with KDE Plasma) in a VM and I really like it so far. I'm currently on Debian, but I could see me using it in the future. Tumbleweed is already a great stable rolling release but combined with the stability of an immutable system, would make it perfect.
Cool, didn't know Linux had this tech too. Our current Virtual Desktop farm (multi-user Windows server) is built with the non-persistent principle. A small and clean golden image and the rest is added via app virtualization. Our future farm (W11/W12?) will use similar mechanisms. It's a bit of a learning curve in the beginning but we love the flexibility it gives us.
I don't expect this to become a thing for personal users but maybe more for admins managing a lot of linux desktops.
Yeah probably for workstations where you want to make sure you don’t have to fix things all the time!
Can I ask how do you guys manage to share the GPU between multiple Virtual Desktops?
All the enterprise solutions I found usually use NVIDIA GRID or don't share the GPU.
@@tablettablete186 hi, we actually have no apps that really require a GPU so it's not an issue for us. We never really checked out what's possible so i'm afraid I can't help you with this.
@@IgorEngelen1974 Sad, but thanks for responding! I guess I will continue on my search!
@@tablettablete186 I think Windows's Hyper-V has a method for GPU virtualization even on regular consumer GPUs, and it performs pretty well. Don't know of anything similar for Linux hosts though (well, I do, but none that perform as well)
I'm using debian bookworm right now with an arch distrobox container and it's honestly been a joy. Having the rolling release apps with the stability of debian. There are some awkward funny side effects but if you are somewhat experienced with linux it's pretty easy to overcome
Lol, I initially read that the exact opposite and was like "what the f is this guy trying to accomplish?" 😀
@@jothain Yeah the opposite would be pretty weird ngl, my somewhat broken English might have thrown you off, my bad
@@p3rtang No, not at all. Likely my non-native English skills made trick to me trying to read fast. Reading again I realized what you actually meant 🙂
@@jothain hahaha. I have all the slowness of LTS with all the instability of rolling release! Look upon my system in awe... Of how I thought this was a good idea...
In all seriousness though, for my use case... I actually have arch break less than when I ran an LTS distro...
@@TheEclecticDyslexic Yeah. Like, hilariously, Ubuntu just borked with updates LTS version to remove GUI stuff or something, anyway making normal login impossible to desktop 🙂. Debian is insanely stable imo, but yeah, in all fairness, when I ran openSUSE rolling for quite a while expecting something nasty to happen, it got boring. Would've kept it, but too many updates for my net connection. Fedora was the same. There indeed are a plethora of good, quite bleeding-edge distros around.
In Linux you reboot only when system libraries are updated. Basically when there's a kernel update. If something from your desktop is updated, you just need to logout and log back in. For some apps you just restart them. This might seem overwhelming for some so some distros opt to request a full system restart.
My dad, who turns 83 this year, has an old laptop where Windows was the OS. I made him switch to Linux and an immutable system was the way to go, although I didn't. He lives a ways away but next time I see him I'm installing an immutable system on his laptop. This is great for companies using Linux as well. Haven't tried the distros myself but I do see the benefits of them and that the user won't mess things up as easily; whether it's for me I don't know, I'm fine with the way things are on my system.
Sorry, but end-users probably are the LAST group of people with the ability to mess anything up on linux (not like they'll be able to su or sudo, and if they're jailed it shouldn't have been a problem anyway)...so if you think you need it to any users: it's yourself as the admin you _really_ fear messing everything up.
@@DxBlack Guess you're right but I can't count the number of times my dad has messed something up on his PC, he's a tinkerer and always has been. Anyway I don't think it can hurt him in any way and if something was to go awry I get a chance to tinker myself 🙂
If everything actually works in the immutable distro (remote file sharing, sleep mode, Bluetooth, etc...) I could see them being better for a casual user like myself. My last attempt to use Linux on my daily desktop was an utter failure of a system going into a coma whenever it went to sleep. Of course, I'm still waiting for native HDR support before I try Linux again.
The best immutable linux distro is a Linux Live disk on a read only CD Rom, which Linux Mint no longer supports, perhaps someday Chrome OS will, which would be a pretty secure distro.
Puppy Linux
ChromeOS sticks make perfect sense. compared to settings things up, signing in to a Google account doesn't take that long and you can have stuff linked to say google drive instead of local storage. just plug in to any system ,enter network credentials and sign in.
CD ROM? Why not use a floppy disk (diskette) instead?
Have you tried u-blue.
@@replikvltyoutube3727 EasyOS. Not only a "pioneer" of "immutability", but also of containeralisation. Also from Barry Kauler
Interesting to see that Vanilla OS is in the process of rebasing from Ubuntu to Debian. Hopefully Linux Mint does the same soon (despite Clement Lefebvre's diplomatic statements about wanting to maintain a healthy working relationship with Canonical)....
Or move to rocky linux
Linux mint already have a flavour based on Debian
They are gold for true Linux noobs. I remember playing with Ubuntu 10 years ago and the distro throughout years of trying different versions and updates after while would have the gui fail to launch. The Bluetooth would break. The same WIFI that I had used to download the update would not work after the update. Even now my HDR display would probably be useless on most distros. So far I have been using the steam deck to play Dragon Age Origins, and since cloud save doesn't work I've been using the Steam Deck as my main computer for about a month. Firefox does not full screen properly in game mode, and Chrome crashes pretty often, but the reboots are reasonably quick. HDR randomly turning off has been the only other draw back. I haven't noticed anything that would have let me know that it was immutable as I am probably the target audience for the Steam Deck. Oh, and the HDR fix is super simple, just turn it off and back on in settings then it works for a long time, not sure how long, I am not sure that issue happened more than one time or not. Either way it is seemingly acceptable. Would be nice if they made playing a walk-through while playing a game a little easier, but even that isn't that hard. Alt-tab would be nice though. No major complaints.
0:09 missed opportunity to say “what the FOSS is all about”
Great video mate, awesome summary of the immutable Linux landscape at present and how it can be used.
i gotta say, u are one of the few youtubers that has the ltt segue skills.
Immutable is the Android cognate of Linux. It's great for business usage, and for stable usage for things like multimedia creation workstations in corporate environments, and they're also great for newbies who are not only un-tech-savvy, but don't know what Linux is about, and don't want a geek to babysit them so they don't break their install every few hours.
After 13-15 years of messing with Linux, I consider myself on the cusp of being an intermediate user (but still far away). I say that, because I can see that something like this would keep beginners from breaking their distro so easily. Problem is that it doesn't sound user friendly. Besides, you learn more about your system when you break it (hopefully by accident) and then try to fix it. Then there's the core concept of Linux (at least as I perceive it): the freedom to make it entirely your own. I don't see how an immutable Linux distro affords that ability.
Fedora Kinoite still allows you to install themes and customize your distro. Although with GNOME that's not really an option.
Nah, I've got a one-track mind, I like Linux Mint!! Gone are the days when I used to be curious, I'm getting old now. 😊
My father, a lifelong MS-DOS and Windows user, learned Linux in his final years - on Mint, as it happens. Age is only a number, as they say.
I fully feel you on committing to what works, but never lose that human spirit of curiosity!
Silverblue user here... for the last year. According to Matt from Fedora... they ARE the future for Fedora. The benefits way surpass the issues.
Re: updates - this is a feature that even some non-immutable distros like Garuda have as well thanks to full btrfs use. On Garuda in particular, btrfs snapshots are created every time “pacman -Syu” is run and every snapshot is added to your GRUB menu, so if some update breaks your system, just boot into an old snapshot and you’ll be prompted to restore it when it’s fully booted.
Immutable distros sure look like an interesting approach for servers or systems that need to be super duper stable. But right now I'm good with Debian testing (even if I sometimes want newer packages earlier...).
Thank you for showing us what they can do!
Jail breaking will be what people will be doing.
Latest Elive Linux has that covered in a nice way. On boot you can choose to boot in your standard system or into their so-called "impermutable" system. The latter allows everything the normal system would, except that all changes will be lost after a reboot. It's great for testing intricate stuff that could break your system. 😇
Thanks for this overview on immutable distros, Nick.
I actually considered to put BlendOS onto a ThinkPad I would use exclusively for work but the handling of updates and stuff still feels weird to me.
Maybe sticking with openSuSE Leap and snapshots is the smarter approach here? I don't know.
But I like the concept a lot, especially since both BlendOS and VanillaOS try to get rid of the issue of where to obtain packages from since that's still an issue with say Arch having patches and changes Ubuntu users have no access to even with PPAs.
At least flatpak compensates for that already a bit.
Great video! I am wondering if running another distro inside the container of an immutable distro works better than virtual machines? It could be a good thing to check out other distros without having to reinstall the OS from scratch every time for bare metal vs possible limitations in VMs.
I also think in some cases, tinkering with distros inside a container could provide more security. At some point I want to take the time to learn Arch and it's nice to know that if I break Arch, I still have a secure functioning OS where I can still do my daily tasks.
It doesn't really work like that. If you start an Arch container for example; this is one command to create it, another command to start it. Then you just install any packages you want and start those programs. You don't ever install or use the desktop that comes with Arch. You won't do much in terms of configuration or customisation.
It is awesome but not even close to full installation experience.
I was hoping you would say you hardly need to reboot at all, just rebooting the overlay userland. Or did you say the appliance type ones can have v high uptime? I use KBOOT/exec to restart my box without going to BIOS
Thank you for this informative tutorial presentation. I did try an immutable (Silverblue), but was stuck since the extra programs I needed were not available as flatpaks or within containers.
I guess I am one year too early to be an immutable system user.
I am a Fedora 38 user, and from day zero to today (4.5months), I have had zero issues. Perhaps it is because of btrfs file system, or my being the sole user of my desktop system.
I have not ever needed to roll-back any software I downloaded, but who knows about the future.
Hello,
Good to hear that Fedora works great for you.
Which software did you miss in containers? It should all be there, only the core components of your OS cannot come from within a container. But I have to admit that it is not trivial to work with containers, at least right now. I think that is something that needs to and will improve in the upcoming years.
@matthiasbendewald1803 It did not work for me. I have 4 other partitions that I have and wanted to add to /etc/fstab, to be mounted at time of system boot but ...
I then received information explaining how to add to the immutable /etc/fstab. So, I have an updated /etc/fstab and all is well.
My Development folders are shared across 5 distros on the same system.
Each distro has its own boot drive, and all share a /Development, a /LinuxStuff, a /temp and /Backup.
Each Devt system has its own /home.
For now, silverblue is not for me, (I think).
Following one of your previous videos, I tried NixOS as my desktop. I like what it's trying to do. But I had a show-stopper. KDESVN is something I use/rely-on. NixOS doesn't include it in its KDE packages build. So I went down a several-day rabbit hole of trying to build it myself. I'm a retired software engineer, so not particularly bothered by the idea of building an app from sources. But after several days of banging my head against different brick walls in NixOS, I gave up. NixOS trades something I didn't know I needed for something that I did need.
I like knowing that my system won't be unusable anytime soon
I've done something similar to this (the hard way) for years. I do all my banking on a VM that is itself as locked down and isolated as possible. Every time I use it, I revert it to its previous state. It's also on its own disk, and I cut power to it when it's not in use via a honest-to-goodness toggle switch (not a momentary switch). These new immutable distributions sound like they could take some of this manual effort out of my hands!
Still loving my so simple Vanilla OS.
Tried Fedora Kinoite a few weeks ago. The first flatpak program I installed wouldn't run because of missing dependencies in the OS. The FIRST! 😂 Installed regular fedora workstation and decided to postpone immutable experiments for a while...
My main issue with using flatpak containers is I haven't been able to make them scale to the correct DPI of my screen.
A nice to way it is:
Traditional linux distros are a distribution of packages that are managed by a.......package manager
"Immutable" Linux distros are a distribution of an operating system image on top of which you can install additional software
Was Windows XP Embedded not an immutable OS? (today Windows IoT)
You needed to setup the OS to deploy with specialized tooling for OEM, then it was setup on target HW, where it had an immutable partition, and the rest was reset at reboot or by command.
I don't think this will be the future for everyone, but it's amazing for enterprise and beginners. I'm honestly excited for what this tech can do for Linux on mobile.
I’m actually using a semi-immutable OS right now. There’s a command to remove the immutableness and the home doesn’t get wiped; updating wipes changes, but it’s convenient for a gaming-focused “just works” PC.
Actually these immutable distros remind me of no-root Docker containers. We even had an enterprise Kubernetes cluster which enforced using only non-root images. I think they are quite common as server machine images as well.
In all honesty, for me immutable distros have been being the present (in the form of OSTree-based Fedora’s Universal Blue Kinoite and Sericea) for the last almost two years…
Are you usually dishonest?
@mavfan1 ostree has been a thing for around a decade. I’ve been running it since F35.
I use NixOS, but I actually use a tmpfs as rootfs, to guarantee that there are no changes to the filesystem which aren't specified in the config. On boot, it then bind mounts and symlinks paths which should be persisted, as well as some paths which can't be in the nix store, into place.
BTW even my home directory is on the tmpfs. I just persist the XDG directories (Documents, Downloads, etc.) + some more, and the rest gets thrown away at reboot. Helps keep the number of dotfiles low.
I don't think these things will replace conventional distros for users who want to get into the entrails of their systems, but I think they might be good for people who want a reliable computer for doing their work and living their life with (I'm one of those). I've had a brief play with two immutables: Kinoite, because it was the only way I could do an install of Plasma v. 6.0 to try it out (I always seem to have problems with KDE/Plasma), and Endless OS. Both seem nice calm systems, and Endless, though still with a big education focus, now has a default interface designed for adults. I have a friend who's bright but definitely not tech oriented, and I'm beginning to think that Endless might be rather good for her. As I understand it, updating is like updating the OS on your phone, and lots of people are happy enough with that. And Flatpak works fine for non-technical software. These could be just the thing if there really is a surge of refugees from Microsoft.
I would not help with "Linux support" if Noob uses ImmutableNoobOS and has problems with the flatpak sandbox being in the way to get things done.
These Immutable systems sound very cool and I wish I could adopt it. But in no way I'm going to jump into this rabbit hole of again trying to learn how to do basic stuff. Things should be easy and the user should be able to do it in a couple of clicks.
Can I install an immutable OS on a multi-boot configuration (separate partition)? I currently use rEFInd and alternate between 3 OS's on one partition. I would want to be able to add say NixOS to another partition and use rEFInd to boot to that immutable NixOS whenever I want.
I just worked out how to set up a second drive as my /home folder by editing the fstab configuration file. I guess I won’t be able to do that in an immutable distro?
sooo.. basically immutable os is kind of a docker with a grub entrance?
I think they're best for educational purposes and to use in sensitive office environments
@TheLinuxEXP, wouldn't Android also qualify as an immutable OS/distro?
This sounds a lot like a live Linux environment with a persistence “overlay” - this allows you to have read/write access to the whole OS while keeping the base OS image.
I used Nix for 2 years +. Had to use the rollback; for some reason my PC doesn't like the stable kernel. So happy it works this good and even with ext4 and not forcing btrfs on you. Even tho I liked using that it wears more 'the filesystem'. The minus side is that you need to "collect your garbage" and it will take a large amount of space on your drive (the old generations) :)
It's never "one size fits all" or one way of doing things that fits everyone's needs. Immutable distros show off the power of Linux in what they bring to the table for those who want those things...and like all things Linux, they're just an option.
Exactly!
I love a lot about the idea of immutable distros. Having my computer work like a fresh install all the time sounds great. But I worry that they give too much control to the distro makers. It feels like a step towards walled garden ecosystems. And I do quite strongly oppose that.
Immutable systems are inspired by how smartphone operating systems are already image-based. If you can deal with the whole OS as a single image, Secure Boot (or a future technology like it) becomes way more powerful. Antivirus software, while practically unnecessary now on Linux, will offer even less benefit on an immutable system because you can just restore the device with a reboot. Overall, I’m on board with the idea of immutable systems, but there is still enough to tinker with (e.g., graphics drivers doing funky things) to make these systems undesirable to large segments of the community.
That sponsor segue was not unexpected but smooth 😂
Currently on VanillaOS and it is a blast, at least for me who is using Linux mainly as an everyday machine rather than a workstation. It is something I can see preinstalled on devices in the near future and I hope they can pull all of their goals off. Their premise is great and I love what they accomplished, hopefully OS 2 will turn out even better than the first one. Thanks for the video on this topic!
I tried Vanilla on my old laptop and it worked really well.
The only thing I hated was the gnome DE.
Idk if or how you could change it.
@Skelterbane69 you can’t, they have intentions to at least bring KDE into the mix but currently only GNOME.
If you look for another immutable, more friendly Distro, Silverblue/Kinoite especially with ublue and BlendOS are great too.
@pascalt3572 I specifically want my hyprland. I'm quite happy with my current distro, but I'd like the safety of immutability.
This video is so good, I have to re-watch it and take serious notes.
I've installed Silverblue simply because I need something that I can always count on working for my school laptop. Too many times have I created bigger issues trying to solve little ones.
QubesOS has done this for many years. There is a template image that is immutable when the app image VM based on it is booted. All changes are discarded after reboot except some whitelisted directories like the user directory or Docker image cache.
I can see immutable desktops being used by companies that need to maintain consistency throughout their user base. I can see something like NixOS being used because it can rebuild itself after each reboot.
I can't patch the ACPI tables to make my speakers work. If that was a non issue, then I'd use Nix.
Haiku is kinda-immutable too, but has an interesting scheme. The base system is distributed in the same .hpkg packages as regular software, and .hpkgs never unpack, but mount on boot kinda like Snaps but without cluttering mount list.
To install a package, you don't even really need to use a package manager, you can just copy the package into /system/packages/
You can also install a package per-user, by copying it into ~/config/packages/, but this has no use as of right now, since the OS is single-user in R1
What about rootkits residing in UEFI bios? Is there any protection or detection against this?
Hi Nick. I have a question: Have you switched to Nix or SUSE yet?
I pretty much think that immutable distros are much better for enterprise workstations. It makes the work of the IT guys much easier since it is already locked down. Normal distro is still the best for home workstation....
I think that this will be great for workplaces or even libraries in my area, but I can’t see myself needing this on my laptop
I run Silverblue on my daily driver and am super happy with it. I wonder what other immutable OS'es people actually run (or tried) and what they think of it.
I went from silverblue to microOS and I find it better in every way, except the installer.
The new SystemD soft reboot will likely make them a bit easier.
I do not believe I would try this immutable stuff any-time soon...
ok but the obvious question, do you get to get rid of the old system images or no? because i would imagine immutable linux would fill up your drive very quickly, just like the rollback feature on other OS'..
Yes, you get rid of old images
If this system can be ironed-out to make it more user-friendly, then like universal packaging it could be another step towards catching up to Windows' market share
You can also use the nix package manager as a universal package manager for installing things like vim, shells, and other things.
The question of how updates are handled (need reboot before applying or not) can be very different, depending on *how often* the distro gets updates. Fedora installs updates after reboot, which I would be almost okay with... if it didn't get updates pretty much *every day*! Getting daily updates means you need to have a quiet, background, no-hassle update mechanism that interferes with your workflow as little as possible - a case for no-reboot-required *points to traditional distros*. If system updates are rather a bi-weekly to monthly phenomenon (which I would prefer), then requiring a reboot can be okay. Likewise, if we install, remove and configure stuff a lot, having to reboot each time is a big hassle. If you set up a laptop for your old relative who only ever uses the same three apps, the immutability will probably be a boon.
I think the idea is that you reboot to your updated system once you're done with the PC for the day (or if you're the type to turn the PC off when you go sleep it'll boot into the newly updated system when you turn it on next). Poke around universal blue and the youtube videos of one of the guys behind it (which you can find on its website)
I had installed Silverblue on my second laptop, it worked fine for the most part however there were things I hadn't been able to do till this date like use CUDA with PyTorch inside toolbox.
This looks like a good foundation for appliances - after all, Linux underlying Android phones, Kindles, routers etc are essentially immutable.
So, it's like soft firmware? firm software?
If people keep using their computers as browser appliances, immutable systems make way more sense.
A read-only /usr isn't a new development at all. Mounting it over a network and updating | installing new software out of band was supposedly quite common in the past decades. The goal was to share it among whole fleets of computers, which is arguably what image-based distros are trying to achieve now, just without network storage.
I honestly think immutable OSes are better for new users and most intermediate users.
The added stability, the ease of using flatpak and flathub as your single packaging system, not being allowed to screw up your system. All of these benefit newer users.
I do think the concept of immutability goes against the idea of a free, and open system. But it seems like a better way of doing things for a lot of people.
This is why I main Nix
What happens if you want to blacklist drivers or change some power settings, etc.? I have edited boot files and others to make Fedora 38 run Nvidia. If a distro is immutable, how to make system changes for certain hardware, etc.?
Unless this is done in /etc or /var, or through a tool like systemctl, it’s going to be very difficult
Isn't booting from some read only media with scratch/storage something that's been an option for, well a very very long time?
This sounds also a lot like something Windows has had as an option since windows 8 (not 8.1, just 8) called wimboot. The operating system being written to a single compressed read only file decompressed on the fly at runtime and then updates to it are overlayed on that. I think it just lacks the ability to easily and seamlessly roll back the updates if they fail or to restore the system to original installation state.
Could you call her things like: using video editors with Linux, streaming with Linux and especially using Linux as storage servers and NAS like symbology.
Wouldn't immutable instances/containers make a lot of sense for servers especially web servers?
Not really. Most people on cloud are image based, but on a packed distro for quick updates for security situations
They're not "immutable" per se, but the point of e.g. a Dockerfile is that the created image will always be the same, so at the start it has the same effect
Absolutely. That's why Fedora CoreOS/IoT and OpenSUSE MicroOS exist. They're basically boot loaders for docker/podman images. I believe they're gaining a lot of traction in the server world.
Of course it's secure! It is always about security. You can't have a text editor without it self-updating and informing distributor about how secure your personal files have become. "Here's the list of those: ..."