I recently took up Bazzite from mint and I love it! After using it for a few days I found out it was an immutable distro, after looking into what that is I thought it was a great idea. I love the idea of getting a fresh image for every update, I think for businesses/ less tech savvy people it adds another layer of protection from self harm because you can’t mess with the root without extra steps.
For anyone who isn’t familiar with immutable distros I attached a picture of mutable vs immutable, I don’t want to describe it because I am still learning.
My question is: what does the community think of it?
Do the downsides outweigh the benefits or vice versa?
Could this help Linux reach more mainstream audiences?
Any other input would be appreciated!
Since the idea is that the “root partition” is immutable, serious question:
How do you fix a hardware config issue or a distro packaging / provision issue in an immutable distro?
Several times in my Linux history I’ve found that, for example, I need to remove package-provided files from the ALSA files in
/usr/share/alsain order for the setup to work with my particular chipset (which has a hardware bug). Other times, I’ve found that even if I set up a custom.XComposefile in my $HOME, some applications insist on reading the Compose files in/usr/share/X11/localeinstead, which means I need to be able to edit or remove those files. In order to add custom themes, I need to be able to add them to/usr/share/{icons,themes}, since replicating those themes for each $HOME in the system is a notorious waste of space and not all applications seem to respect/usr/local/share. Etc.Unless I’m mistaken on how immutable systems work, I’m not sure immutable systems are really useful to someone who actually wants to or needs to power user Linux, or customize past the “branding locking” that environments like Gnome have been aiming for for like a decade.
My guess would be: have an additional overlay filesystem on top of your immutable root and apply all your fixes to it.
On the one hand sounds sensible, on the other hand I wonder if that’s possible when wanting to apply things that need to take place as early in boot as possible (eg.: modprobe options for a module, apparmor profiles, …).
what does the community think of it?
Everyone has their own opinion, personally I think they’re a great idea and have lots of great applications. But just like rolling vs non-rolling release it’s a personal and application dependant choice.
Do the downsides outweigh the benefits or vice versa?
Again, depends, for my personal computer I wouldn’t use it because I think it could get complicated to get specific things to work, but for closed hardware like the Deck or even a fairly stable desktop used as a gaming system it’s perfect.
Could this help Linux reach more mainstream audiences?
It could, it can also hamper it because people might start to try solutions that only work until next boot and not understanding why, or having problems getting some special hardware to work (more than it would be a mutable distro). But there is a great counter to this which is that once it’s running it will be very difficult to break by user error.
At the end of the day I think it’s a cool technology but that people should know what they’re getting into, just like when choosing rolling vs non-rolling distro, it’s not about what’s better, but what suits your needs best.
From an advertising perspective, it’s important to think about who you’re targeting. Who are your likely customers? Certainly there are some based on the strengths that you raised.
However, some people are definitely not a good target audience, and some people is actually a very large group of people. There are a lot of current and potential users who essentially want the standard major applications to work, and they’re not going to touch the root partition, and they want things to be very simple. For people like that, Debian or Ubuntu or Fedora already do what they want. And these major operating systems have been around for so long that people will naturally be more confident using them, because they were their friends have experience, or because they think the organization has more stability because of its experience.
Of course a lot of things depend on how you define words, but to me the above paragraph describes the mainstream audience, and I don’t think you’re going to have much luck reaching them, because I don’t think the thing you’re trying to sell gives them extra value. In other words, it’s not solving a problem for them, so why should they care.
turn off. immutable
I have a really hard time getting Aurora working the way all my other Linux devices so that are running some form of Ubuntu (Mate or Bodhi). With that said, it’s been very stable and i like not being interrupted with packages to install while working on things…
Mixed bag review. I give it 3.5 out of 5 stars.
I don’t work in tech but I love to tinker , have a home lab etc. I love using Linux for this, been on Linux for close to 20 years.
Got a steam deck little over a year ago, it was my first immutable
I just moved to an immutable silver blue. Been loving it so far. There’s a few things I have issues with, but it’s “just works”. I still distro hop and fuck around breaking my system for fun from time to time, hahahah. But having my main system on immutable has been great.
The whole point of Linux is to tinker, immutable distros destroy the whole point, not to mention, it’s a very windows-approach
Not to mention there’s no guarantee if security even with Immutable distros
The whole point of Linux is to be a FOSS kernel/OS, that’s it.
Anything you want to (legally and morally) do with it is fine and you should not have to conform to arbitrary limitations set by others.
If you think that Linux is only for tinkering, not only are you completely wrong (since most machines running Linux are meant to be stable and not tinkered with, think servers, iot, embedded devices, etc) you are also missing the point of FOSS, since it aims to give the user freedom to do as they see fit, which includes preferring stability and security over tinkering.
There’s Linux-Libre
Not to tinker is a good thing for me at least. Some are Ok using LFS, Gentoo, etc. But distribution like Fedora Silverblue is low maintenance as i just want my task easy and an OS that just works.
To You, that’s the keyword here
I don’t think the point of Linux is to tinker. That would kinda make it for tinkerers only. In my view, the point of Linux is that its a kernel only and you can use it to build an OS around and build one which is easy to tinker with or one which isn’t. Point is, not every system is suited for every task and the Linux kernel allows you to use it how you wish (via distros or you can make your own system around it). Why the gatekeeping?
It is, it’s your machine, it’s YOURS to tinker to your needs
Or yours to not tinker and just use distros default. Right?
Umm sure, mutable ones give you the freedom
How does immitable differ in this case?
Cuz it’s immutable
When I just want it to work for my needs (i.e. using just web browser for most people) there’s no difference. Except immutable is less prone to go wrong.
The whole point of Linux is to tinker
Fair enough but the sole reason I went to Linux is because I despise Microsoft. I wanted a less bloated, not ad ridden, and more customized( mainly just the GUI) experience that gave me more control over my PC. Now I only use this PC for gaming and streaming, so really I just want those two things to work with as little fiddling as possible. Obviously everyone’s use case is different and immutable is definitely not a good choice for power users (from what I’ve read).
Immutable, doesn’t mean extreme secure. It’s a false sense of security.
It could be more secure.
But during a runtime, it is possible to overwrite operational memory, mask some syscalls, etc.That’s my 3 cents.
Secure can also mean more resilient. The infosec C-I-A triangle has three legs. Confidentiality, Integrity and Availability. Immutable distros are more resilient and thus offer better availability in the face of attacks or accidents.
Fully agreed. On almost any atomic distro, /home/user is writeable like usual, so any attacker is able to persist itself by editing
~/.bashrcand putting a binary somewhere.I didn’t know that inflation can affect idiomatic expressions.
it doesn’t allow changes to stuff that needs root access to change. If you have root access you can do anything, including switching images. It is not more secure. It’s not less either
It’s definitely great for the mainstream. Think of Linus Sebastian who has somehow broken every OS except for SteamOS.
It’s not great for me who uses Arch Linux btw with the expectation that if the system doesn’t break on its own, then I will break it myself.
And anybody who thinks that Linus doesn’t look for those ways to break Linux is deluding themselves. He’s a fucking asshole.
He can be an asshole, but I believe finding bugs is part of his job.
Would you rather have him find them and complain to a community who might know what they could be, or someone else who will just complain and buy a MacBook instead?
Honestly, I would say it isn’t great for anyone who has to do something low level even once. Now that there are open source nvidia kernel drivers that has solved a pretty big issue for most people who would be interested in immutable distros, but there are still many other drivers and issues that your regular user may face.
One example off the top of my head is that flatpaks specifically can’t ship systemd services if I recall correctly. A lot of wayland apps for thigns like input have to use daemons because of wayland’s security model. Lact for AMD and now Nvidia GPU control, ydotool, or even gui versions of such tools for remapping input.
Snaps require custom kernel modules that aren’t used outside of ubuntu, so I hesitate to trust them regardless of any of the other issues people have with them.
This basically leaves appimages which aren’t available for everything and don’t always seem to work at least not as reliably as flatpak. I even tried to package the rstudio forensic software as an appimage myself, so I could have an easy way to use that proprietary piece of software, but I just couldn’t get it to work. I couldn’t get it to work with distrobox either using the official methods they provide to install it on linux. I did get it working in a chroot for some reason, but it had graphical issues. In the end, I made a PKGBUILD for arch and got it working that way.
The point of all this is that a lot of times people say immutable is great for average, non tech savvy people, but I believe that literally everybody ends up needing to do low level stuff at least once or twice every so often. Which simply isn’t a great experience since you end up having to do layering which throws these theoretical average users right back into the normal complexity of a mutable system, but with even more uncertainty in my opinion.
Now then with all of these caveats. I do still agree that immutable distros are great for the aforementioned group of people and I know this statement contradicts a lot of what I have described above. The reason why I think they are great for the less tech savvy people however isn’t because of any actual technical merit of the systems design though. Immutable distros are great for people like Linus Sebastion because it limits what they can do. You simply have to accept what is there the same way that you have to on proprietary systems like Mac and Windows. Those systems force you to do things a certain way unlike Linux and that is what people like Linus need because they have no business mucking around with the system to begin with.
Lastly, all of this only works because devices like the Steam Deck are being run on specific hardware thus guaranteeing there compatibility. This is what we ultimately need. There would be much less need for low level operations to get drivers or change settings to make wifi or audio work right on a billion different devices if these people were buying linux compatible hardware in the first place.
You can install packages in immutable distros. It’s just not as easy and recommended as a last resort.
With Universal Blue (Bazzite, Bluefin, Aurora) you can install packages with “layering”. It’s basically modifying the image by adding packages on top of what is shipped by the distro, and those packages get added each time the image is updated.
The better, more involved solution is to create your own image from the base image. That gives you a lot more control. You can even remove packages from the base image.
These are valid concerns but to me they sound more like lack of tooling rather than inherent disadvantages of immutable distros. Linux distros have not historically been designed from the ground up for immutability and it makes sense that there are issues that aren’t handled optimally. Surely we can come up with clean and simple solutions to basic problems like setting up daemons and drivers if we work on it!
Weird, I don’t have any issues developing custom systemd services or similar on my Kinoite installation. Packages that need to run on the host system can be layered, everything else is running in distrobox.
Immutable distros are great for applications where you want uniformity for users and protections against users who are a little too curious for their own good.
SteamOS is a perfect use case. You don’t want users easily running scripts on their Steam Decks to install god knows what and potentially wreck their systems, then come to Valve looking for a fix.
Immutable distros solve that issue. Patches and updates for the OS roll out onto effectively identical systems, and if something does break, the update will fail instead of the system. So users will still have a fully functional Steam Deck.
If you’re not very technical, or you aren’t a power user and packaged apps like Flatpaks are available for all your software, then go for it. I prefer to tinker under the hood with my computers, but I also understand and except the risk that creates.
Immutable distros are a valuable part of a larger, vibrant Linux ecosystem IMO.
Immutable are the ultimate tinkerer’s distros. It’s just a different way of tinkering. True tinkering in immutable means creating your own image from the base image and that allows you to add or remove packages, change configs, services, etc.
Example: you create your own image. You decide you want to try something, but you’re being cautious. So you create a new image based on your first with your changes. You try it out and you don’t like it or it doesn’t work for some reason, you can just revert back to you other image.
Another thing worth mentioning, with these distros, you can switch between images at will. I’m new to Linux as my daily driver desktop OS, and I’ve rebased three times. It’s really cool to be able to do that.
Don’t know why this would be downvoted. Atomic distro’s are a tinkerers paradise, as all of it can be done fearlessly. I can make stupid changes to configurations that I don’t understand on NixOS, then when things break, simply revert the git commit and rebuild. (Or reboot to the last build if I broke it bad enough).
Who knows. People are passionate about Linux. And downvoting takes no effort. And people downvote stuff randomly.
if something makes linux more secure, safer or easier to use then it’ll be hated because people in the linux community are allergic to all those things. Secure boot? they hate it, wayland? they hate it, immutability? they hate it, flatpaks/sandboxed app? they hate it, gnome? they hate it. Even rust is hated by many.
So Bazzite basically is an immutable 3rd-party SteamOS. It was originally designed for handhelds (though has desktop images now) and includes the Steam Deck’s
gamemodepackage. That means it has the same interface, but working on a Legion Go or an Ally X. If anyone here has* any of those three you should seriously check it out!The other thing as well is that more often than not, the update will succeed and you won’t figure out until the next boot that something is wrong. However, Bazzite has a rollback tool so you can just change back to the previous image, reboot again and get to gaming.
That’s the best reason for immutable for gaming IMO. I don’t want to be fucking around with the OS when I’m in the mood to game. Being able to quickly rollback and jump into things in ~10 minutes or less is how it should be.
Immutable vs Mutable weird normalMore like familiar and unfamiliar
Yeah that’s what they said
NixOS is kinda the best of both worlds, because it does everything in a way that is compatible with an immutable fs, but it doesn’t force you into abiding by immutability yourself.
You can always opt into immutability by using Impermanence, but I’ve never seen any reason to.
Edit: That said, the syntax has a steep learning curve and there are tons of annoying edge cases that spawn out of the measures it takes to properly isolate things. It can be a lot to micromanage, so if you’d rather just use your system more than tinker with it, it may not be a good fit.
Impermenance is not the same as immutability.
I suppose you’re right. It’s just another tool for helping you abide by immutable practices without forcing immutability as an unbreakable rule.
- You can still apply updates live, e.g. on Bazzite (Fedora Atomic) with the
--apply-livetag (or however it’s spelled). - The root partition isn’t read only per se, but you have to change the upstream image itself instead of the one booted right now. You can use the uBlue-Builder for example to make your own custom Bazzite spin just for you if you want.
- Both aren’t inherently secure or insecure. It’s harder to brick your system, yeah, for sure, but you can still fuck up some partitions or get malware. It’s just better because everything is transparently identifiable (ostree works like git), saved (fallback images), containerised and reproducible.
- And you can still install system software, e.g. by layering it via rpm-ostree. Or use rootful containers in Distrobox and keep using apt or Pacman in there.
Distrobox is something I want to start playing with, I like the idea of the containers
With Aurora, I was unable to get winehq working without installing it from a distrobox instead. I can now play SimTower on my Linux PC.
I run bazzitr and distrobox is amazing. No need to worry about distro when some devs only provides deb only.
- You can still apply updates live, e.g. on Bazzite (Fedora Atomic) with the
Immutable ≠ atomic
Bazzite is atomic (not immutable), same with Silverblue and other Fedora variants (they’re all atomic, even on their main page it says atomic). It’s kinda misleading ngl
Fedora Atomic IS immutable. Rpm-ostree just layers (or hides) stuff on top of the already existing image. If you layer something, e.g. Nvidia drivers, you still download the same image everyone else uses, but basically compile the driver from fresh and put it on top. And that takes time. This is the reason using rpm-ostree to layer stuff is not recommended.
That’s why uBlue exists for example. It gives you a sane start setup, where all drivers are already built in into the image. And then you can either use the clean base and add your own stuff to create your own image, or use already great ones like Bluefin or Bazzite, where everything you want is already included.
Atomic just means that every process is either completed without errors, or not at all. This way, you don’t get an half updated and broken system for example in case you loose power. Happened to me quite a few times already, but never with Fedora Atomic.
Pretty much anything outside of
/var/(even/home/is placed inside/var/) is read-only, and if you want to modify your install, you have to build your own image. Therefore, it is both immutable AND atomic.That’s why I prefer the term “image based”
Isn’t that just their nomenclature for immutable?
What’s the difference between an atomic distro and an immutable one?
A distro can be both atomic and immutable, and they often go hand in hand.
Immutable simply means the core of a distro is read-only, meaning it cannot be modified by usual means. There are still ways to modify these files, but it works differently than in other distros.
Atomic distros are ones that update atomically. Atomic is used to describe an operation that cannot be cancelled in the middle of it, they either complete, or nothing changes. This means you can’t break things by cancelling an update midway through. Atomic distros also often come with the ability to rollback to the previous build of the system.
Doesn’t all immutable distros have updates that can’t be cancelled and that will either complete or not change anything?
I only just started learning about immutable distros so I may be completely wrong but it’s how I understand them to work when reading about it.
Immutable ≠ atomic, but they generally come as a package deal. Bazzite, Silverblue, and all those other distro’s that call themselves atomic are also immutable. An atomic distro is just one with atomic updates, and an immutable distro is any distro with a read-only core.
These distro’s have started mainly calling themselves atomic because they agree that immutable is a poor description that generally confuses users.
I personally vastly prefer mutable distros for my own system, but I understand the appeal for those who like them. As long as mutable distros remain an option I don’t mind immutable distros.
As long as mutable distros remain an option
Precisely this, linux is about choice. It’s not like suddenly most distros would change init systems and make it near impossible to choose… oh, wait…
I prefer mutable and see immutable mostly as lazyness but if people wanna use’em go for it, i’m not pushing mutable down their throats.Linux isn’t about choice, it’s about freedom. Distro’s don’t owe you the choices you want, because the devs have the freedom to make what they want. You also have the freedom to modify them or make whatever distro you want.
