I’ve read several topics trying to explain it and this single comment does a way better job, thank you XD
If you don’t mind me asking a follow-up, why are non-immutable OSes in Linux more popular? Or in other words, is there a definite downside to an immutable OS that people should be wary of? I was planning to install Fedora 40 soon, but now I think I may opt for the Atomic one (with the KDE env) instead.
I know of a good specific example of a downside. I play SS14 on Steam Deck and musical instruments in it require MIDI support. This means I need to properly install FluidSynth, but I can’t. I can get the Flatpak, but the game won’t recognize that it’s there because it’s looking in the wrong place.
This is why I’m going to install bazzite on my deck.
If the immutability in an OS is well designed, then there shouldn’t really be any downsides or loss in comfort. That is, unless you’re a Linux expert and like to tinker under the hood.
The general idea is, the core of the OS is read-only, and everything else that needs to be modified is mounted writeable.
Ideally, protecting the core of the OS from writes should, for example, prevent malware from installing a modified kernel or boot loader. Or maybe prevent the user from accidentally borking something so that their system becomes unbootable. How much of an advantage that is in practice depends on the use case.
In the case of SteamOS on the Steam Deck, it’s perfect, since boot issues on the Steam Deck could potentially be tricky to fix as opposed to a standard PC.
Another advantage of immutable could theoretically be wear and tear of certain storage devices, e.g. think of a Raspberry Pi and SD cards. If you could have most of the important stuff of the OS as read-only on the SD card, and everything else on a USB disk or even an NFS mount, then the SD card should last much longer since no writes are happening on it.
As far as true security benefit is concerned… I can’t really say. It depends on how updates and eventual writes to the immutable part of the OS are actually handled. Obviously at some point, changes do happen, like during a system update.
In the case of SteamOS, the system portion is wiped and replaced with the new version. ChimeraOS did something similar (I don’t know if they still use the same method). They had a read-only Btrfs partition, where they would then provide a new snapshot during an update, which would be downloaded and applied at the next reboot.
This approach would hinder automated crypto malware for example (at least for system files).
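Added example (mine, not from any of the posts above): the "core is read-only" claim is easy to verify rather than assume, because the kernel tells you per mount point whether it is `ro` or `rw`. The script below parses the `/proc/self/mounts` format, resolves a path to the mount that covers it, and lists which "core" locations a root process could still write to. The mount table in it is constructed to resemble an ostree-style layout and is not captured from a real machine; the one caveat it is built to show is that a writable EFI System Partition means a read-only `/usr` alone does nothing for the boot loader, which needs Secure Boot or another signed boot chain.

```python
"""Which paths on an 'immutable' install are actually write-protected?

Added example, not from this thread. It parses the /proc/self/mounts format
(source target fstype options dump pass), resolves each path to the mount
that covers it, and reports ro/rw. SAMPLE_MOUNTS is a constructed table
resembling an ostree-style layout, not a capture from a real machine.
"""
from __future__ import annotations

import os
from dataclasses import dataclass

# Constructed sample in /proc/self/mounts format (not a real capture).
# Note the writable ESP and the \040-escaped space in a mount point.
SAMPLE_MOUNTS = r"""
/dev/mapper/root /sysroot btrfs ro,relatime,compress=zstd:1,subvol=/root 0 0
composefs / overlay ro,relatime,lowerdir=/run/ostree/.private/cfsroot-lower 0 0
/dev/mapper/root /etc btrfs rw,relatime,compress=zstd:1,subvol=/root 0 0
/dev/mapper/root /var btrfs rw,relatime,compress=zstd:1,subvol=/var 0 0
/dev/nvme0n1p3 /boot ext4 ro,relatime 0 0
/dev/nvme0n1p2 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,size=8G 0 0
/dev/sdb1 /run/media/me/My\040Disk vfat rw,relatime,uid=1000 0 0
"""


@dataclass(frozen=True)
class Mount:
    source: str
    target: str
    fstype: str
    options: tuple[str, ...]

    @property
    def read_only(self) -> bool:
        # The kernel emits exactly one of "ro"/"rw" per mount (normally first).
        return "ro" in self.options


def _unescape(field: str) -> str:
    """Undo the \\ooo octal escapes /proc/mounts uses for space, tab, newline, backslash."""
    out, i = [], 0
    while i < len(field):
        octal = field[i + 1:i + 4]
        if field[i] == "\\" and len(octal) == 3 and octal.isdigit():
            out.append(chr(int(octal, 8)))
            i += 4
        else:
            out.append(field[i])
            i += 1
    return "".join(out)


def parse_mounts(text: str) -> list[Mount]:
    mounts: list[Mount] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        source, target, fstype, opts = parts[:4]
        mounts.append(Mount(_unescape(source), _unescape(target), fstype,
                            tuple(opts.split(","))))
    return mounts


def mount_for(path: str, mounts: list[Mount]) -> Mount:
    """Longest mount point covering `path` wins; on ties the later (over-)mount wins."""
    best: Mount | None = None
    for m in mounts:
        prefix = m.target.rstrip("/") + "/"
        if path == m.target or path.startswith(prefix):
            if best is None or len(m.target) >= len(best.target):
                best = m
    if best is None:
        raise ValueError(f"no mount covers {path}")
    return best


def writability(paths: list[str], mounts: list[Mount]) -> dict[str, str]:
    return {p: ("ro" if mount_for(p, mounts).read_only else "rw") for p in paths}


# Locations whose write-protection the "immutable" promise is usually about.
CORE_PATHS = ("/usr", "/boot", "/boot/efi", "/sysroot")


def writable_core(mounts: list[Mount]) -> list[tuple[str, str]]:
    """Core locations a root process could modify: (path, covering mount point)."""
    return [(p, mount_for(p, mounts).target) for p in CORE_PATHS
            if not mount_for(p, mounts).read_only]


if __name__ == "__main__":
    # On a live Linux box, check the real table; otherwise fall back to the sample.
    real = "/proc/self/mounts"
    text = open(real).read() if os.path.exists(real) else SAMPLE_MOUNTS
    mounts = parse_mounts(text)
    probes = ["/usr/bin/bash", "/boot/vmlinuz", "/boot/efi/EFI", "/etc/shadow", "/var/home"]
    for path, state in writability(probes, mounts).items():
        print(f"{state}  {path}")
    print("writable core:", writable_core(mounts))
```

Run it on the box you are actually sitting at: on the constructed table `/usr` and `/boot` come back `ro` but `/boot/efi` is `rw`, which is exactly the gap a kernel-or-bootloader-tampering scenario would use. Also keep in mind that `ro` here is a mount flag, not a guarantee against a root process remounting `rw`; the real protection is the signed update path plus verified boot, not the flag itself.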
Thank you, then it looks like I’ll be giving the atomic one a try! I can always overwrite and install normal Fedora KDE if the atomic version is giving me issues after all :)
Regular Linux distros have 30+ years of history. It’s what most of us are used to. Immutable/atomic/transactional OSes are relatively recent hence the relatively low adoption rate.
Also, atomic OSes are, by nature, much harder to tinker with. After all, the goal is to provide the exact same image for all users. As a power user, it’s a bit frustrating. As a new user, having a virtually unborkable system is excellent.
If you plan on installing an atomic variant of Fedora, may I suggest uBlue Aurora instead of Fedora Kinoite? It is based on Silverblue/Kinoite but includes by default, among other QOL improvements, the restricted-licence codecs that must be manually installed in official Fedora products.
I am all open for suggestions! I will add a bit of context; I am proficient with Linux command line, good enough to troubleshoot if problems pop up. But I currently do not feel the desire to tinker a lot with the system itself, I just want to do daily driving, play games, and do some basic coding for fun. What value do those restricted licence codecs bring to the system?
Well, currently I use Tumbleweed with just a couple of tweaks, but I can’t live without things like Yakuake, fish, yt-dlp and a bunch of other console commands that are not present in most distros’ defaults. How does an atomic distribution handle this? I believe Flatpak only has GUI applications…
// I just discovered Yakuake is there, but I can’t imagine how this specific program integrates with the system?
You can layer basically any RPM onto the base system with rpm-ostree, but it’s slow and inefficient, or you can install anything from any distro by spinning a container with Distrobox and exporting the command to your main system.
The Universal Blue family of operating systems also comes with Homebrew, the Linux port of the popular Mac package manager. The idea being that Flatpak is for GUI apps and Homebrew for the CLI.
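Added example (mine, not from the post above or from the rpm-ostree project): every RPM you layer is a deviation from "the exact same image for all users", so it is worth being able to list that drift and to see what a staged update will change before you reboot into it. The script below reads the JSON that `rpm-ostree status --json` prints and reports the layered packages on the booted deployment, the package diff against a staged deployment, and any deployment whose origin does not enforce GPG verification. The field names it relies on (`deployments`, `booted`, `staged`, `pinned`, `checksum`, `version`, `origin`, `packages`, `gpg-enabled`) are my reading of that output and should be treated as assumptions; the JSON document inside the script is constructed, not captured from a real system.

```python
"""What has rpm-ostree layering changed relative to the published base image?

Added example, not from this thread. Field names (deployments, booted, staged,
pinned, checksum, version, origin, packages, gpg-enabled) follow what
`rpm-ostree status --json` prints on ostree-based Fedora systems; treat them
as assumptions and compare with your own output. SAMPLE_STATUS is constructed.
"""
from __future__ import annotations

import json
import shutil
import subprocess
from dataclasses import dataclass

# Constructed sample (not captured from a real machine).
SAMPLE_STATUS = json.dumps({"deployments": [
    {   # staged: already downloaded, becomes active at next reboot
        "booted": False, "staged": True, "pinned": False,
        "checksum": "b2c3d4", "version": "40.20240615.0",
        "origin": "fedora:fedora/40/x86_64/kinoite",
        "packages": ["fish", "yakuake", "yt-dlp"], "gpg-enabled": True},
    {   # currently booted
        "booted": True, "staged": False, "pinned": False,
        "checksum": "a1b2c3", "version": "40.20240601.0",
        "origin": "fedora:fedora/40/x86_64/kinoite",
        "packages": ["fish", "yakuake"], "gpg-enabled": True},
    {   # pinned rollback target; gpg-enabled=false is constructed to exercise the check
        "booted": False, "staged": False, "pinned": True,
        "checksum": "9f8e7d", "version": "40.20240501.0",
        "origin": "fedora:fedora/40/x86_64/kinoite",
        "packages": [], "gpg-enabled": False},
]})


@dataclass(frozen=True)
class Deployment:
    checksum: str
    version: str
    origin: str
    booted: bool
    staged: bool
    pinned: bool
    gpg_enabled: bool
    packages: frozenset[str]


def parse_status(text: str) -> list[Deployment]:
    return [Deployment(checksum=d["checksum"], version=d.get("version", ""),
                       origin=d.get("origin", ""), booted=bool(d.get("booted")),
                       staged=bool(d.get("staged")), pinned=bool(d.get("pinned")),
                       gpg_enabled=bool(d.get("gpg-enabled", False)),
                       packages=frozenset(d.get("packages", [])))
            for d in json.loads(text)["deployments"]]


def booted(deps: list[Deployment]) -> Deployment:
    return next(d for d in deps if d.booted)


def staged(deps: list[Deployment]) -> Deployment | None:
    return next((d for d in deps if d.staged), None)


def layered_drift(deps: list[Deployment]) -> dict:
    """Packages the running system carries on top of the base image: the set that
    makes this box differ from the image everyone else is running."""
    b = booted(deps)
    return {"version": b.version, "origin": b.origin, "layered": sorted(b.packages)}


def pending_change(deps: list[Deployment]) -> dict | None:
    """Diff the booted deployment against a staged one (None if nothing is staged)."""
    b, s = booted(deps), staged(deps)
    if s is None:
        return None
    return {"from": b.version, "to": s.version,
            "added": sorted(s.packages - b.packages),
            "removed": sorted(b.packages - s.packages)}


def unverified(deps: list[Deployment]) -> list[str]:
    """Deployments whose origin does not enforce GPG verification of the base commit."""
    return [d.version for d in deps if not d.gpg_enabled]


if __name__ == "__main__":
    text = SAMPLE_STATUS
    if shutil.which("rpm-ostree"):  # on a real ostree system, audit the live status
        text = subprocess.run(["rpm-ostree", "status", "--json"],
                              capture_output=True, text=True, check=True).stdout
    deps = parse_status(text)
    print("layered:", layered_drift(deps))
    print("pending:", pending_change(deps))
    print("unverified:", unverified(deps))
```

The same idea is why Distrobox and Homebrew are the nicer answer for `fish`, `yt-dlp` and friends: they live in a container or under your home directory, so `layered` stays empty and the booted deployment remains the published image byte for byte.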
Oh yeah thanks I forgot about brew. TBH the only uBlue machine I’m currently playing with is destined to be my dad’s new computer, so he’s not expected to get anywhere near the command line :D