• 1 Post
  • 107 Comments
Joined 5 months ago
Cake day: June 15th, 2024




  • Btrfs snapshots + Snapper have been (somewhat) pioneered by openSUSE Tumbleweed. Yet, they see value in developing openSUSE Aeon (i.e. their attempt at an ‘immutable’ distro); otherwise they wouldn’t be putting resources into it.

    Hence, Btrfs snapshots are (at best) only able to fulfil some aspects we’ve come to expect from ‘immutable’ distros. But there’s more to it than that.

    One of the most simple (and, yet, perhaps most defining) features that ‘immutable’ distros come with is atomic updates; i.e. updates either occur or not, there’s no in-between messed up state caused by energy outage or whatsoever.

    There’s a lot more to it than that. To mention a few more:

    • reproducibility
    • declarative system management
    • (some) prevention of cruft accumulation, bit rot and configuration drift
    • better security related to read-only part of OS
    • a lot less undefined/hidden/unknown state

    Not all ‘immutable’ distros possess these qualities. Nor are they aspired by all of them. Hence, lumping them up together is actually a blatant oversight that’s been committed way too frequently.

    Regardless, if you’re interested, consider trying out Fedora Atomic[1], NixOS or openSUSE Aeon for yourself and see what it’s all about.


    1. Either through Fedora’s own images or the ones provided by uBlue.

  • poki@discuss.online to Linux@lemmy.ml: Am I overthinking it? · 4 months ago

    OP, it seems as if the fear mongering and misinformation may have reached you through your cautious disposition.

    I’ve gone through every single comment found below your post and at times I’ve been dumbfounded and/or astonished by the ludicrous claims that are spouted.

    FFS, someone even expressed a problem found on imperative systems… While Fedora Atomic can be made (relatively) declarative (i.e. the exact opposite of imperative) for over a year now.

    I will leave you with two videos in which the recent conference talks by the very same people that work on Fedora Atomic can be found. Consider watching these if you’re interested to know what they’re actually currently working on. If you pay attention, you will even notice how they mention common misconceptions that have also been brought up here…

    First watch this one. Then, watch this.

    The only fair criticism that I’ve found is the required investment and effort to adjust due to the associated paradigm shift and learning curve. However, this is peanuts compared to Guix System or NixOS.



  • > is led by a single person

    Ultimately, (some) decisions are made by a single person. However, the list of maintainers suggests that contributions are welcome.

    > even though there is no evidence that Chromium is not even less secure)

    The double negation makes it hard to understand; but if I would give it a try, then I would get the following:

    “even though there is evidence that Chromium is even less secure)”

    If the above represents your views, could you provide said evidence?

    > even though there is no evidence that Chromium is not even less secure

    What’s your take on Madaidan’s (i.e. security researcher on projects like Kicksecure and Whonix) article on the matter? I’m aware that it’s a bit outdated. However, would you be able to confidently claim that nothing found within is relevant today?


  • Thank you, once again, for the reply!

    > I just know that it is even “hard” to replicate the configuration of snapper on a system like Void Linux.

    Yeah lol 😅. It’s definitely a blessing when it’s set up by default. For example, while Fedora Atomic does come with a built-in rollback mechanism through rpm-ostree, Fedora does actually not. Hence, Fedora users are often interested to set it up themselves. And then, they find this gargantuan guide 😂.

    > But that might also stem from my lack of knowledge. At least the guides I found didn’t provide the same result.

    To be honest, I wouldn’t be surprised if openSUSE Tumbleweed’s implementation is simply better. At least, it would make sense if that were the case. So, I will give you that 😉.

    > but I think it has the disadvantage of not having such an amazing documentation as other distros.

    Fair. Fedora’s documentation isn’t that great either 😅. Though, in that regard, I’d argue only Arch and Gentoo have excellent documentation. Granted, I suppose that’s a prerequisite if the distro claims to be unopinionated; which both of them do while Fedora and openSUSE don’t.

    > If you stumble upon something and are looking for a fix online, you won’t find as much resources for it as there are for debian based distros for example.

    I agree. But, for Debian (and Ubuntu), I feel their documentation isn’t necessarily better. Instead, their user base is simply more substantial. Hence, there’s a pretty good chance that someone has experienced the same issues before you did. And thus, it’s easier to find resources on the internet to help with troubleshooting.

    > All in all, I have to thank you for this amazing exchange.

    I feel the same. Thank you! And I would also like to thank you for being patient with me 😅. I have got the tendency to write very long answers and not everyone appreciates those 😅. I even noticed how you weren’t particularly appreciative in this interaction. So, to be honest, I was very happy when you messaged me back earlier today. I really appreciate you for that!

    > I think this is one of the most friendly and informative exchanges I had on lemmy so far. :)

    Thank you for being you! I am really grateful for these wholesome and sweet compliments!

    Sometimes, I question if it’s worth pursuing these conversations. But, thankfully, exchanges like these make it worthwhile. My faith in humanity has just been rekindled. From the bottom of my heart, thank you 😊!


  • > But to your earlier one, I can get the VPN client working outside of a container. There’s even an RPM file from the vendor, so installing it is just as easy as installing any other package.

    Aight. You know what you ought to do then 😉.

    > I appreciate the input!

    It has been my pleasure!


  • poki@discuss.online to Linux@lemmy.ml: Am I overthinking it? · 4 months ago

    We’re appreciative of your considerations and reservations. However, some of your views seem unnuanced at best or plain biased at worst.

    > The problem is all the apps and things you may wish to do with your OS.

    I’m aware that the rest of the comment goes over this. But, I hope the mention of “all” here is merely an oversight.

    > Flatpak is the preferred method of installing apps as it doesn’t interfere with the OS, but that is a compromise that means more overhead for running apps including memory and disk space

    While that’s technically true, a (relatively) modern device wouldn’t even care. I don’t recall OP mention their hardware specifications; but if they’re perfectly capable of running VMs, then I don’t see why they would be bothered by this (almost) unnoticeable amount of overhead.

    > it’s a work in progress

    Sure…, but we’re not talking about alpha, beta or even RC software. Like, I’m not sure if you’re aware, but you make it sound as if it’s very new and/or immature. Fedora Atomic has been in the works for over 10 years. It first released their Fedora Atomic Host (currently known as Fedora CoreOS) in 2014 and later released Fedora Atomic Workstation (currently known as Fedora Silverblue) in 2018. Heck, Fedora has already put so much trust in their Atomic branch that they intend for 2028 that immutable variants are the majority of Fedora Linux in use.

    By contrast, what is it that you base this statement on? That it receives very active development that most other distros would be jealous of? That it rapidly implements all kinds of new features that you’re having difficulty keeping track of?

    > and with significant compromises at the moment.

    This is a big claim. But I haven’t seen enough in your comment to substantiate this. Your two best claims are:

    • Flatpak is the preferred method of installing apps as it doesn’t interfere with the OS, but that is a compromise that means more overhead for running apps including memory and disk space, and less integration with the host OS than traditional apps.

    Which is a problem of Flatpak on all platforms. The very same Flatpak that was recommended by people associated with Steam/Valve for Ubuntu. Furthermore, if OP creates their own image, then this isn’t even an issue; they can practically bake whatever they want into their image. There are also multiple tools to get this going. I achieved it in a weekend (as a noob) last year, so it ain’t hard. Finally, ‘over-reliance’ on Flatpak is not even a thing on Guix System and NixOS.

    • You can overlay native apps but the more you overlay onto the immutable os, the more complex upgrading gets and the risks of breaking stuff.

    This is not an issue with your own image. If the image itself is busted, then it doesn’t come out of the pipeline. Hence, the busted image would not have been delivered to your device in the first place. And, again, layering isn’t a thing on Guix System and NixOS. Hence, this problem doesn’t exist for them.

    > Your VPN may just be the first of many programmes you find you need to overlay.

    Do you (for some reason) imply that layering is necessarily a bad thing?

    > If your needs are very simple then maybe it’ll be easy, but if you’re using lots of software and tools (particularly if it’s not available Flatpak) or custom OS config you may find atomic desktops are not yet quite ready for you.

    I have yet to receive substantive evidence from you to support this view of yours. I hope you’ll deliver…

    > It could be frustrating and off putting if you try linux immutable, find loads of problems and attribute that to linux when it’s actually the immutable OS that’s the cause.

    I could change the word “immutable” in the above sentence to “traditional” and it would have been an equally nonsensical statement.


  • > But I’m fully aware that my frustrations are atomic problems

    Are these frustrations solved by layering with rpm-ostree? If so, just go with it. I’ve always layered over a dozen or so packages and it has worked out fine; it’s defaulted to automatic upgrades in the background, so you don’t feel much of it anyways.

    > I just recently learned that openSUSE users also have a lot of stability due to btrfs snapshots, so maybe that’s really the feature I’m looking for. I don’t know much about it, honestly.

    I love openSUSE and what they do with Btrfs snapshots and Snapper.

    However, in terms of ‘robustness’ and ‘stability’, I don’t think anything currently out there can hold up to Fedora Atomic, Guix System and NixOS. This is just by design; the leap from traditional to atomic, then reproducible and finally declarative ensures that issues related to hidden/unknown state, accumulation of cruft, bitrot, configuration drift are left behind in the past. If Btrfs snapshots + Snapper would have been sufficient, then openSUSE themselves would never have desired the creation of openSUSE MicroOS (i.e. their attempt at an ‘immutable’ distro) in the first place.



  • Thank you for reading through that info dump and thank you for your reply!

    > I see where you are coming from but I for example never heard about Fedora Atomic whilst I am familiar with OpenSUSE MicroOS, GUIX, NixOS.

    Interesting. So, you never heard of Fedora CoreOS, Fedora Silverblue, Fedora Kinoite, uBlue, Aurora, Bazzite and Bluefin?

    > ANYWAY, all this immutable talk is anyway pointless, because I was talking about general distributions and not a discussion about immutable distros.
    >
    > On the topic which distro adopted what first, my confusion did stem from by what context. As I tried to make clear with my confusion about fedora not being rolling release.

    Thank you for clearing that up!

    > To cut all this talk short here my answer to your question:

    Finally 😜.

    > The default value of OpenSUSE Tumbleweed is pretty strong because

    Thank you for your answer! First of all, regardless of which distro you would have chosen, I would have respected your answer. Though, depending on your answer, I could have definitely judged you for it 😂. Thankfully, however, you’ve shown to have great taste; openSUSE Tumbleweed is indeed a formidable distro. Unfortunately, I’d argue it’s (somehow) underrated and underappreciated; which is really a pity for how excellent of a distro it is. I hope it will garner a bigger audience, because it simply deserves better. Regardless, openSUSE Tumbleweed is definitely a top contender for best traditional distro IMO and I might have been daily driving it were it not for ‘immutable’ distros.

    Secondly, while I agree with you generally, I can’t deny that the total package deal specifically is what makes openSUSE Tumbleweed special. So, the whole is greater than the sum of its parts.

    > • rolling release

    Rolling release distros aren’t that rare by themselves. And, as even Arch is an independent distro with a rolling release cycle, it becomes very hard to regard this selling point as unique.

    > • zypper having sane args for regular tasks (install, search etc.)

    zypper’s args/syntax don’t seem very different from dnf and apt in terms of saneness. But, if this is a selling point for you, what prevents dnf (which is found on Fedora) from being a selling point for you?

    > • btrfs as default filesystem

    Fedora also ships Btrfs by default, though TIL that Btrfs was first adopted by openSUSE. But, once again, this begs the question why this isn’t a selling point (according to you) when it’s found on Fedora?

    > • optimal snapper integration which leads into

    Snapper also seems to be properly integrated on the derivatives of other distros; e.g. Garuda, Siduction and SpiralLinux to name a couple. So, again, this selling point doesn’t seem unique.

    > • making a rolling release distro suitable for non-technical people/daily usage without fear of regular updates

    Excellent. This is openSUSE Tumbleweed’s USP (if it’s combined with the fact that it’s a well-funded independent distro, great security standards et cetera et cetera). And if this is precisely what you seek from your distro, then openSUSE Tumbleweed is what you rightfully should stick to.

    > But this is just a general recommendation for “distros”.

    Fair. I’m not necessarily opposed to it.

    > If the requirements get more specific it makes much more sense to make proper recommendations.

    Interesting. Like, in which cases would you recommend something else for example?


  • poki@discuss.online to Linux@lemmy.ml: Am I overthinking it? · 4 months ago

    > If I understand it correctly, layering an application is no more dangerous than a regular install on a non atomic os.

    True~ish.

    There’s an important caveat though; for whatever reason, rpm-ostree can outright fail to upgrade (due to conflicts related to layered packages) while an issue like that is more rare on traditional Fedora and dnf. Thankfully, I’ve never had a problem that I couldn’t solve with `rpm-ostree reset` run on a (previously) pinned deployment (through `sudo ostree admin pin <insert number>`). However, when used irresponsibly, this (i.e. layering) can outright destroy your otherwise very robust ‘immutable’ distro.

    It’s easier to teach people to be cautious than to teach how they should act accordingly. Hence, uBlue’s documentation tends to be more conservative in order to protect (especially newer) users from shooting themselves in the foot.


  • Thank you for your reply!

    > Thank you, this helps even further.

    It has been my pleasure 😊!

    > I scratched the surface of immutable and this further dissects it into deeper “categories”.

    Yup. For your information, ‘immutable’ distros have only gained popularity relatively recently. In fact, for a long time, it was pretty obscure.

    In 2003 we had the initial release of our first ‘immutable’ distro; NixOS. Then, inspired by it, Guix System was released in 2012. After which, within a couple of years, the distros with connections to enterprise Linux got their first ‘immutable’ distros:

    • Fedora in 2014 with Fedora Atomic Host (later CoreOS)
    • Ubuntu in 2016 with Ubuntu Core
    • openSUSE in 2017 with openSUSE MicroOS

    However, these three were primarily meant for server and/or IoT. Then, in 2018, Fedora released Fedora Atomic Workstation (which later changed its name to Fedora Silverblue). I’d argue we owe the current renaissance of ‘immutable’ distros to it. And then, inspired by Fedora Silverblue, we’ve had the release of dozens of ‘immutable’ distros in the last 2/3 years (including openSUSE MicroOS Desktop (later openSUSE Aeon) in 2021). Ubuntu has yet to release their Ubuntu Core Desktop. Though, it’s in active development.

    However, even if we’d limit ourselves to the earlier mentioned ‘immutable’ distros (i.e. Fedora Atomic, Guix System, NixOS, openSUSE MicroOS and Ubuntu Core), we find that they’re very different to one another. Heck, by comparison, e.g. Arch, Debian, Fedora, openSUSE and Ubuntu aren’t actually that different to each other.

    Though, perhaps curiously, we find that at least 80% of the user base of ‘immutable’ distros are using either Fedora Atomic (and/)or NixOS.

    > My first thought is that, if I didn’t know about immutable distros in the first place (aside from the meaning of the term), I probably wouldn’t know what I’m missing or gaining.

    Exactly.

    > My uses for Linux will grow across 3 categories.
    >
    > 1. Business and office work. Mainly spreadsheets, documents, presentations, and virtual meetings
    >
    > 2. 3D Design, 3D Printing, bitmap and vector graphics editing, coding, and retro video game development
    >
    > 3. Streaming via OBS, ATEM, webcam, HDMI capture, and various USB inputs and devices.

    As far as I can tell, none of these should necessarily bring up problems or troubles on ‘immutable’ distros.

    To give an example of something that’s not or less supported on ‘immutable’ distros: Unified Kernel Image with Secure Boot.

    AFAIK, openSUSE Aeon can do it currently. But IIRC, there’s no documentation. NixOS can actually do it as well and there’s plenty of documentation on it. Fedora Atomic can’t yet, but there’s active development surrounding it. However, I don’t expect this feature on the smaller ‘immutable’ distros. Hence, for them, I’d regard this as absolutely impossible.

    > I have tried building machines on non-tablets and have got 80% of the way there with all 3. The tablet has me 100% with 1 & 2.

    I’m glad to hear that!

    > This all gives me a greater understanding that helps me avoid and research more into the options based on needs.

    Great! FWIW, if there’s anything to take from this interaction, then it’s definitely this.



  • Hi. I’m not related to either of the two fighters. I do, however, admire your curiosity. Still, I feel a particular sentence made in this comment of yours has to be nuanced. If this endeavor of mine is not appreciated, then please feel free to notify me however you please.

    So, without further ado.

    > If I were to go immutable there are some limits on what I can do

    Strictly speaking, yes.

    However, we can categorize these as follows:

    • Absolutely impossible to accomplish on some ‘immutable’ distros
    • Currently impossible to accomplish on some ‘immutable’ distros. However, it will be fixed eventually.
    • Currently impossible to accomplish through conventional methods on some ‘immutable’ distros. However, some experimental features do allow these to be accomplished. But, you might have to learn how.

    Furthermore, depending on your needs, you may not even have to deal with anything that’s either not or less supported.

    Finally, as the use of “some ‘immutable’ distros” suggests, not all immutable distros are created equally. Therefore, it’s actually uninformed to lump all of them in the same category. True; they’re referred to as ‘immutable’. However, descriptions like atomic, reproducible and declarative are perhaps more useful when comparing one ‘immutable’ distro to the other.


    I’m personally a big fan of ‘immutable’ distros. However, please don’t feel compelled to delve into it as long as you’re satisfied with your system.

    My two cents. Enjoy!


  • You’re welcome!

    FWIW, last year, through what became BlueBuild eventually, I had my own image with all kinds of modifications within a weekend. And, perhaps most curiously, I was a total noob when it comes to containerfiles, github, git etcetera. So, if I somehow managed, then you should definitely be fine.

    Wish ya good luck! Consider reporting back 😉.


  • Thank you for the reply!

    > It would likely help if the conversation around new user distros was a bit less of an argument

    Fair. Though, I suppose we shouldn’t ignore that the promoted distros are mostly the distros people use for themselves. And, while some have been on a distrohopping spree to arrive at their home, others, instead, just got a recommendation, tried it and have been using it ever since. Yet others knew what they sought and/or needed. Hence, in their case, it was more a search to find a distro that satisfied their specific needs. Finally, it’s perhaps worth mentioning that the popular distros mentioned in these discussions are overall good picks.

    > if the number of suggested distros was a bit less.

    Absolutely fair. Unfortunately, we’ve got over 300 distros that are currently maintained and 50 would argue they’re newbie friendly 😅. It’s a hard one for sure. But, I believe you can definitely narrow down the list if you know what you want. For example, in my case, there’s literally only one distro that answers my needs. So, I just use that one 😅.

    > It would help with the decision paralysis aspect of it at least.

    Brings back memories. This process took me about two weeks.

    > I see enough threads of experienced users troubleshooting more than I really want to deal with

    On the other hand, people that don’t ever experience any issues, don’t feel the need to post about that 😅. But, I can understand why it could make you anxious. Thankfully, distro choice does play an important factor in this. So, it makes sense for you to use a distro that’s designed to (somehow) avoid this and thus limits the amounts of troubleshooting you’d have to resort to.

    > I don’t like the idea of my whole computer being like that because I chose the wrong hardware (I have nvidia)

    Absolutely fair. Nvidia on Linux can definitely be a mess. The more popular and modern models should work on most distros. However, if your specific model is more obscure, then this can definitely cause more trouble than it’s worth.


  • Thank you so much for the reply!

    > I really wanted to like it. I’ve used ansible and puppet for work and there, declarative configuration made sense because I need to duplicate the same thing 1000’s of times.

    NixOS really seems like a perfect fit in your case.

    > For desktop, it was incredibly annoying to me to have to change my config file every time I wanted to install a new application.

    Interesting. All the declarative distros (I know) operate like that; at least to ensure being declarative. Would you prefer it if a `<insert favorite package manager> install <insert name of package>` would automatically modify `configuration.nix`?

    > I still found myself messing with drivers which I hate on any OS.

    Fair. Hopefully work on official FOSS drivers provided by Nvidia (and others) will resolve this problem for good in the near future.

    > When the Bazzite install went well and 99% of the applications I wanted to install were flatpaks anyway, it was a perfect fit. I’ve been running docker containers on my Ubuntu server for years so BoxBuddy was a natural fit for things that aren’t flatpaks (minecraft runs great in one). What’s more, KDE has a lot of keyboard combinations the same as Windows by default which made the switch even better for me. One that I had been fighting to add to gnome, which is admittedly small but annoying, the ability to use Meta+period to bring up an emoji selector, was built right into KDE by default?! I couldn’t believe it.
    >
    > Then, I started looking for an equivalent to FancyZones found in Windows PowerToys and… What do you know, that’s also built into KDE by default?
    >
    > Then a friend of mine gave me an AMD graphics card he was getting rid of which was an upgrade to my GTX 1060 I’ve been using since 2018. Since I had already moved to Bazzite, it was a simple re-base to move to the AMD version and it went off without a hitch.
    >
    > It’s all over, Bazzite and KDE are home for me now.

    I’m glad to hear that you’ve been enjoying Bazzite and KDE!

    FWIW, if you’d like to explore how declarative Fedora Atomic (and uBlue, hence Bazzite) are in their current iterations, then perhaps it’s worth looking at BlueBuild and uBlue’s own documentation on this. Though, I imagine that (based on your previous experience with NixOS) you wouldn’t necessarily approve of this. Though, I suppose drivers should work this time around.