Welcome To An Immutable Future?

Today I talk about immutable distros and what immutable really means. Is it the future? And if so, will the future be happy or sad? FREEDOM!

==== Time Stamps ====
0:00 Intro
1:22 What is an Immutable Distribution?
5:14 The Benefits
8:47 The Disadvantages
19:25 My Thoughts on Immutable Distros
23:26 Wrapping Up

#immutable #linux #thelinuxcast
Comments

9:39 Honestly, I think the big difference is not just being able to create your own distro bc that sounds tedious. Really, it's that you still can modify all parts of the root; it's just done through some method of layering changes on top of it, so you can revert back if you break.

DylanMatthewTurner

Immutable distros are distros where your volume is locked to 100% and you can't mute it

cluesagi

I'm glad to know my auto-generated Mastodon post was read by someone. Have wanted to get into immutable systems for a long time, but downloading images takes so long, and I just got lazy.

Trafotin

IMO the biggest problem with immutable systems is just the big fear of change in the Linux community, because I would say immutable systems are a big, big step towards making Linux the system of the future. The huge majority of users are casuals who don't want, or don't see themselves able, to tinker with the OS or, in case of an error, to reinstall the OS. Those immutable systems make it possible for everyone to install or uninstall software to their heart's content without worrying about rendering their devices useless. And this was long enough a concern of many who heard about Linux and its perks. With this gone, the userbase of Linux can hugely increase and make Linux the system for everyone, and with this the focus of most software developers will change. And for working around the problems that come with immutable systems, a lot of developers have shown (thanks to the Steam Deck) that it is possible, with examples like brew, distrobox or podman and all the Flatpaks (that are working on the Steam Deck right now), that the future of Linux (implying it is immutable systems) is just another way of installing and using Linux software. And if this is going to be the way, Linux will be the one and only OS in the future. And of course server-based usage should probably stay mutable.

lumadrive

Great video, Linux Cast! Immutable Linux distros are becoming increasingly popular among developers and system administrators due to their enhanced security, stability, and reliability. It's great to see you dive deep into the topic and explain the benefits of using immutable Linux distributions like NixOS, Fedora CoreOS, and Ubuntu Core. I appreciate the effort you put into making this video and providing a comprehensive overview of Linux distros. Keep up the excellent work!

mayankmani

I'll disagree with the notion that it takes away freedom. You can still modify your configuration files; they are outside the read-only part of the system. The immutable part comes where the distro ships your core OS, such as the kernel etc., and system files made to run, plus DE things 98% of people aren't going to change. If people want to modify dwm, most files in /home or /etc, where configuration files typically lie, are still modifiable.

cynricsaxon

I think immutable distros exist for the segment of people who don't want all the freedom. Either for others (like your employees, students, or your grandma), or for yourself. Some people just want something that's going to work, and I think immutable distros are great for those kinds of people.

As long as things continue being open source, there should be no worries about the existence of mutable distros. Someone can always fork and make something new.

afroceltduck

I think a good analogy is to compare it to Live CDs, which are immutable too. You need a different storage device to store your own files persistently. I know this is not the same thing, but I think it can help in visualizing it as a concept. Edit: Also, Rust programs managed by Cargo are built and installed under the home directory too and therefore don't require root rights in the immutable system.

thingsiplay

I think the biggest flaw immutable systems have is their naming. They are, in fact, not immutable.
I wonder why they didn’t come up with something like „version controlled root“.

And I wonder if they called it immutable because it’s a buzzword coming from functional programming.

hansdampf

Having grown up with 8-bit systems that often booted (quickly) from a ROM chip, but the startup sequence could complete differently according to another cartridge or disk inserted at boot time,
the current implementations of "immutable" (but upgradeable / replaceable) seem positively flexible by comparison.

Yes some of our ROMs were socketed and intended to be user-replaceable but others required de-soldering.

UKprl

Colin G. Walters wrote an article about what claims point towards "immutable" versus what they more accurately classify as. I can't link to the article because YouTube will just zap this comment out of existence as soon as I post it.

I'll spare his whole "Anti-Hysteresis" lesson and sum it up this way: it's a means of preventing system rot by changing how it's maintained. DLL hell, dependency hell, package drift, configuration drift, etc. are just facts we have to live with when we've lived on an install for a certain period of time. Ostree, and the upcoming OCI container image system, is intended to prevent this. NixOS is another solution using different methods. Of course, different solutions often introduce problems of their own, but it's a means to an end nonetheless. The end being a more predictable system state.

As far as this future hype is concerned, I really do not care. It's going to be a *part* of the future, much like NixOS, Flatpaks, pipewire, etc. all these newfangled toys are additions to a growing ecosystem. Not a dictated path of the whole.

phonewithoutquestion

I have a few thoughts here. Maybe I should make my own videos, but here is the text wall:

1. Windows does not take away your freedom to mess with things. I have done a variety of different registry hacks to edit File Explorer's sidepane and the right-click menu, and many different programs exist to customize Windows. There are alternative file managers, Winaero Tweaker for registry edits, O&O ShutUp10, and many others. Of course, a person who is accustomed to using tiling window managers will still argue that Windows isn't really customizable because the underlying operating system is more or less married to the desktop environment. To most people, though, this uniformity is a strength rather than a weakness.

2. With immutable distros, there is absolutely freedom to edit one's system. You basically just have to go through the same process that the package manager must use, which is to clone the root partition, make changes there, and then boot into that clone of the system. There are config files that need to be edited for all kinds of different reasons, like to add drives (/etc/fstab), support controllers (/etc/X11/xorg.conf.d/50-joystick.conf), or set the screen's brightness while the login screen is coming up. You just have to read some documentation, which you basically have to do anyway to figure out how to change or fix whatever you're working on.

3. For a desktop user, BTRFS snapshots and rsync (rsync just for /boot and /boot/efi) are more than adequate for creating the same level of stability. In fact, I would argue that BTRFS and rsync are even better than immutable distros, because once you know how to use them in the terminal and in GRUB, then you can perform a recovery without a graphical environment. Also, people should just use BTRFS regardless. The CoW feature makes data loss from a hard shutdown virtually impossible, and it saves disk space when you copy files. Now if you do use snapshots, then those will eventually take up a lot of disk space, and then managing that becomes annoying—but that's only if you're using snapshots to create rolling backups.

4. Malware persistence is a very complicated discussion. Immutable distros, when used in a business context in conjunction with Secure Boot, do stop malware persistence. It's similar to an Android or iOS system; these operating systems are immutable, so Secure Boot (or equivalent technology) alone is sufficient to thwart malware persistence. In a business where a user cannot change the immutable part of the system, this is also true. However, on a home desktop where we expect to have more customization (e.g., mounted drives, hardware fixes, etc.), we allow the device owner to make changes using the package manager. This could be exploited by a malicious program, though it would require additional programming or system probing on the part of the attacker. Therefore, the security model would need to be like Windows, in which antivirus is installed and is watching over everything on the system below its privilege. The limited number of things above the privilege of the antivirus should be protected by Secure Boot. Of course, Linux is a smaller malware target, and software usually comes from trusted repositories, so the home user is likely already better off than they were on Windows and is therefore justified in not taking any additional security precautions (e.g., Secure Boot, antivirus, AppArmor/SELinux, etc.). (Note: Linux's security advantages are never a free pass to visit sketchy websites or open unsolicited attachments—not even in QubesOS, because while you can delete a qube, you might not realize when you need to.) Hence, the bottom line for a home user of immutable distros is that they might break some relatively primitive script kiddie exploits, and that's about it.

5. Phone Without Question's comment about system rot is an excellent point that I had not considered, but he's right. The traditional packaging system on Linux has some limitations. If a program wants, for example, GLIBC, there is only one GLIBC on the system, and the program must call to it. Sadly, I can't just have multiple versions of GLIBC and let each program call to the version it wants to use. This is the major advantage of the cross-platform packaging formats. AppImage bundles needed libraries with each app, while Flatpak and Snap are whole package managers that allow apps to share libraries when possible while discriminating between version differences. Broken dependencies become impossible under these packaging schemes. Realizing this advantage of the new packaging formats, it absolutely makes sense why Ubuntu is trying to replace regular packages with Snaps (e.g., Firefox is installed as a Snap out of the box). Backwards compatibility has been a major advantage that Windows has over Linux, and the new packaging formats will help Linux overcome this weakness by allowing dependencies to become the rat's nest they inevitably become without locking up the package manager. (For the record, Windows is not perfect here; there are some old Windows games here and there that can be run through Wine but not natively on Windows.)

OcteractSG

Fedora Kinoite needs more love in this video. Btw, I run immutable operating systems on both my servers (openSUSE MicroOS) and desktops (laptops) - (openSUSE MicroOS and Fedora Kinoite with ublue) because I’m a lazy admin and I want a reliable system that will always boot properly every time.

oscs

More of a note to people, who want to look into some immutable stuff: all OpenSUSE ISOs offer installing an immutable system (it's called transactional server in the installer), and on the overview, or summary you can go to customize software being installed and just pick a desktop environment of your choice and voila. You've basically made your own spin of MicroOS. It works with Tumbleweed and Leap as well (I would recommend Leap 15.5RC as it already has distrobox in their default repos). Only drawback here is that you would need to use transactional-update to install some packages (e.g.: distrobox), which MicroOS would have out-of-the-box, but that's just the initial setup I guess. After that you can proceed with using just flatpaks and distrobox for your shenanigans and leave base system clean with the base set of packages you have chosen and / or installed during your post-install setup.

laniusdev

I guess it's up to you. Some people just install Linux with defaults, install docker/podman-compose, some web interface for container management and since then don't care about the system. I guess it's a perfectly valid alternative, but it's not for everyone.

pavelperina

I'd definitely run immutable distros on servers and things like phones. But for a desktop and probably for a laptop, I probably wouldn't.

fakecubed

The best explanation I've seen so far on YouTube. Thanks for taking the time to do this! I've learned a lot and things are clearer now.

josemiguelochoa

Superfluous. Wow! Stretched my brain this morning with that one. Thank you! ;)

donpeer

When I got comfortable with ostree rebase and rollbacks, my already dormant distro (actually DE) hopping urge has risen to levels unheard of before, and I would literally use GNOME today, KDE tomorrow, then GNOME beta next day and then new immutable Sway spin alpha later. And rebasing to that alpha felt totally safe.

Also, since these immutable images are intended to be used with Flatpaks or distrobox, they're as small as possible. It's weirdly satisfying just having a smaller package count out of the box on Silverblue than on Fedora Workstation, and the immutable Sway spin is both as minimal as possible and required me to add very little to have all I need; it pretty much contains the same stuff I would manually install on Arch anyway.

rjawiygvozd

IMO…immutable distros are a blessing to businesses and servers. They can also be nice for the average computer user. For the computer hobbyist or nerd, they add a level or two of complexity in order to change the base files. In traditional Linux systems, the base files are easily accessible and changeable. So, the learning curve for the noob is less than with an immutable distro. As it stands now, a major complaint against traditional Linux distros is the learning curve to learn scripting and the terminal. While playing with the base can crash your system, it also provides an environment where you can easily make changes. Bottom line, it all boils down to personal taste and preference. I’ll probably stick to traditional Linux systems for playing around and learning. I might consider an immutable system if I were looking for security and stability.

donaldmickunas