I recently took up Bazzite from mint and I love it! After using it for a few days I found out it was an immutable distro, after looking into what that is I thought it was a great idea. I love the idea of getting a fresh image for every update, I think for businesses/ less tech savvy people it adds another layer of protection from self harm because you can’t mess with the root without extra steps.
For anyone who isn’t familiar with immutable distros I attached a picture of mutable vs immutable, I don’t want to describe it because I am still learning.
My question is: what does the community think of it?
Do the downsides outweigh the benefits or vice versa?
Could this help Linux reach more mainstream audiences?
Any other input would be appreciated!
Immutable, doesn’t mean extreme secure. It’s a false sense of security.
It could be more secure.
But during a runtime, it is possible to overwrite operational memory, mask some syscalls, etc.That’s my 3 cents.
Fully agreed. On almost any atomic distro, /home/user is writeable like usual, so any attacker is able to persist itself by editing
~/.bashrcand putting a binary somewhere.I didn’t know that inflation can affect idiomatic expressions.
Secure can also mean more resilient. The infosec C-I-A triangle has three legs. Confidentiality, Integrity and Availability. Immutable distros are more resilient and thus offer better availability in the face of attacks or accidents.
it doesn’t allow changes to stuff that needs root access to change. If you have root access you can do anything, including switching images. It is not more secure. It’s not less either
NixOS is kinda the best of both worlds, because it does everything in a way that is compatible with an immutable fs, but it doesn’t force you into abiding by immutability yourself.
You can always opt into immutability by using Impermanence, but I’ve never seen any reason to.
Edit: That said, the syntax has a steep learning curve and there are tons of annoying edge cases that spawn out of the measures it takes to properly isolate things. It can be a lot to micromanage, so if you’d rather just use your system more than tinker with it, it may not be a good fit.
Impermenance is not the same as immutability.
I suppose you’re right. It’s just another tool for helping you abide by immutable practices without forcing immutability as an unbreakable rule.
I love building my own uBlue image. Tinkering is done in toolbox containers, definite changes are baked into the image. Completely custom (to me) and when you get it right it will just work anywhere. If I would brick my PC/storage I can just boot up another and restore my (back-upped) home dir with very little effort.
I heard both flatpak and immutability are obstacles to developers. How bad is it really?
I’ve had NixOS absolutely refuse to run some compiler toolchain I depended upon that should’ve been dead simple on other distros, I’m really hesitant to try anything that tries to be too different anymore.
It would be a problem without distrobox. Since that gives you a normal, mutable OS on top, you don’t even notice the immutability.
And Homebrew. I’m a developer and I’ve done all my work just with Homebrew.
if you program using vscodium, do you install a separate vscodium in every distrobox?
Yep, I do currently. I only have one main distrobox.
I had a lot of issues on silverblue using vscodium as a flatpak, I think I will try installing it in a distrobox instead.
It should behave pretty much the same as a normally installed version. Hope it works well for you!
I’ve had NixOS absolutely refuse to run some compiler toolchain I depended upon that should’ve been dead simple on other distros, I’m really hesitant to try anything that tries to be too different anymore.
Yes, some toolchain expect you to run pre-compiled dynamically linked binaries. These won’t work on NixOS, you need to either find a way to install the binary from nix and force the toolchain to use it or run
patchelfon it somehow.Same issue, I still use nix on m’y laptop because it’s neat as can be, but I have to admit developing on nix can be quite a hassle if you don’t go it “the nix way”, moreover some packages don’t work as well because nix doesn’t link binaries the standard way (zed editor for example)
NixOS likely only refused to run it because you weren’t running it in the Nix way. That’s not a jab or anything, Nix has a huge learning curve and requires doing a lot differently. You’re supposed to use devshells whenever doing development. If you want something to just work, you use a container.
Whatever issue you ran into most likely had nothing to do with NixOS being immutable, and was probably caused by the non standard filesystem hierarchy, which prevents random dynamically linked binaries from running.
I’ve never heard of flatpak and immutability being obstacles to developers, in fact I generally hear the opposite. Bluefin is primarily targeted at developers, and some apps, like Bottles, will only officially support the flatpak distribution because of the simplicity and benefits it brings over standard distro packaging.
It’s subjective. I freaking love Bazzite, it works for me. Not the other way around.
Feel like elaborating? I’ve been running it for a couple weeks and very happy so far. One nice little feature was how I can just scroll on top of the little sun icon in the taskbar and my monitors dim and brighten. But that’s prolly a Plasma thing more than anything else.
That’s indeed a Plasma thing
I had to turn it off (which is easy in plasma) because I have two different monitors and they have different brightness, so it was either first one insanely bright to other one being normal or first being normal to second barely dim.
I use plasma and had no idea this was a thing. Thank you
My new measure for intuitiveness of an interface - do half-drunk, clumsy fumblings with a mouse occasionally reveal a slick new feature I wasn’t aware of?
One thing I really like about Bazzite (compared to EndeavourOS which I ran before), is that it just works for gaming. Lots of little tweaks and stuff to get certain qol things working in EOS, are just installed and configured by default in Bazzite.
The stability is super impressive… I used to rely on TimeShift on EOS to roll back when I broke shit (which was over and over, because that’s how I learn), and while it’s trivial to rollback on Bazzite, I’ve never even been close to needing to. It’s just hard to break (and if you do, just reboot it and everything is fine).
It’s definitely more user friendly, but I wouldn’t say immutable like Bazzite is only for non-tech people.
Thanks for the info! So far I’ve been enjoying those same characteristics. I spend my work day arguing with computers, so I have little patience for doing more of it when I’m off (more seriously, I carefully marshall my tech efforts outside of work as a long-term strategy against burnout). I appreciate how “out of the box” gaming (and anything else I’ve tried) works in Bazzite, and the stability has been great too. Though to be fair, def helps that it’s my first experience with Plasma which really makes the “feeling” of the OS pop, in an unfair way lol.
Plasma is awesome! The customizability is just off the charts.
Yesterday I powered up my older laptop (running EndeavourOS) after not starting it up in several months. Had to install the updates in chunks because there were just too many, and the dependency situation was a nightmare… Anyway, got it all updated.
and then next thing I know, I look at the clock and like 3 hours passed. I had been tinkering with shit, completely unnecessarily, for hours without realizing it. I don’t think I really accomplished anything, and in fact may have left it worse off than it was before I turned it on lol.
So yeah, TONS of time saved using Bazzite, but there is that level of tinkering that I do miss at times (DistroBox can help with some things). I don’t even know if I’d say it’s something I “enjoy,” per-se… It just tickles my brain in a certain way that I don’t get elsewhere?
For my needs, I’ve build a static system with buildroot for a pi zero. No updates, no modifications on the system, no remote access. Some directories are in tempfs, and after a reboot the system is fresh again. when needed, I removed the sd card and copy a new image
I use this board for a pulseaudio/mpd player, it’s not intended for a desktop usage, but I’m happy beiing able to configure a system like this one. For me, there is no maintenance, and this is exactly what I wanted
I am a huge fan of immutable distributions, not for my personal daily driver but for secondary systems like my living room/home theater PC.
I have investigated the idea and came to the conclusion that immutable distros are essentially a research project. They attempt to advance the state-of-art a slight bit but the cost is currently too great.
Perhaps somebody will some day create something that’s worth switching to. But I don’t think that has happened yet, or is happening with any of the current distros. Silverblue might become that with enough polish, but I feel that to get that amount of polish, they would have to make Silverblue the 1st class citizen, i.e. the default install of Fedora.
I don’t mind flatpaks in a pinch, but having to use them for literally every app on my computer is an unreasonable amount of bloat.
The barrier for me is that I use a lot of apps which require native messaging for inter-program communication (keepass browser, citation managers talking to Libreoffice, etc.), and the portal hasn’t been implemented yet. Its been stuck in PR comment hell for years. Looks like its getting close, but flatpak-only is a hard no go for me until then.
Even after that, I would worry about doing some Dev work on atomic distros, and I worry about running into other hard barriers in the future.
But the more apps the more the dedup is saving space
Not when every app decides to use a different point version of the same damn platform.
"Hello Mr. Application. I see you’d like to use the Freedesktop-SDK 23.08.27
“Oh…well hello other application. What’s this? You want to use Freedesktop-SDK 24.08.10? Well…I guess so…”
Edited to add: Yes, I know that flatpaks will upgrade to use updated platforms. But it doesn’t automatically remove the old one, forcing you to have to run flatpak remove --unused every week just to keep your drive clean. That’s hardly user friendly for the average person.
I had a systemd unit that ran it weekly after the update one ran. I feel like the default behavior though should be automatic purge old unused runtimes though too. I don’t see why that wouldn’t the case to me.
I’ve even gone so far as wanting to force run time changes underneath the packs because of Caves and such, but thats my niche and puts security over function.
Definitely not a free lunch sys admin wise, but it is still a marked improvement over native apps 98% of the time for me.
The average person has a 1tb+ drive and doesn’t care about a few hundred megabytes of bloat in a partition they will never look at. If someone is switching from Windows, every app having its dependencies self contained is mostly normal anyway (aside from the occasional system provided dll). The only people likely to care about removing old flatpak platforms are the kind of people who don’t mind running the command to remove them.
That’s a very fair point. But it’s still annoying.
The average person has a phone, with 128gb of storage.
The typical laptop I deal with have 512gb ssd drives.
The typical desktop in a corporate environment is 256gb or 512gb.
1tb drives are very much not “average”.
The average person definitely doesn’t have a 1tb drive.
61% of steam users have 1tb or more total hard drive space.
https://store.steampowered.com/hwsurvey/Steam-Hardware-Software-Survey-Welcome-to-Steam
I don’t think Steam users really represent the average person…
The average person doesn’t own a computer anymore, but I think steam users are pretty representative of people who want to use the OS that markets itself as “The next generation of Linux gaming”
Steam users are not the “average user”… they are the “average gamer”.
I think it’s good if you have a ton of storage and want to set it and forget it. For me, immutable depresses me. I came to Linux for the tinkering and the ability to do what I please to my system, not to be restricted. That’s just me, though. For handhelds/strictly gaming machine (a Steam machine for example)? I think immutable is the perfect fit for it.
Do you have any examples of the kind of “tinkering” you couldn’t do with an immutable distro? I haven’t run into any restrictions after more than a year.
You can’t even install packages using sudo. You can, but they’ll be overridden on next update.
… why would you want to install packages with
sudo? The proper way is to install them (as a user, not root) usingrpm-ostree, which will layer the packages on top of the image, automatically installing them for every future system as well.You haven’t actually looked into immutable distributions, have you?
I admit that I didn’t know about how rpm-ostree is capable of what you mentioned, but I still don’t like immutables for the other reasons I’ve mentioned. I did look into them and I can’t use them. I like my regular distro
I keep hearing this, but people never elaborate on those “other reasons”. Did I miss where you mentioned them?
You mentioned storage, but AFAIK atomic Fedora doesn’t use more space (unless you keep multiple versions for rolling back).
I don’t want to deal with images. I don’t want to have to be cleaning the system from those images to reclaim my storage. I dislike flatpaks, snaps and appimage on which immutable distros rely. The lack of customization as you can’t modify system files or install traditional packages outside the immutable framework, which limits personal tweaks. Apps availability, not all apps on the planet exist in flatpaks. The learning curve. Having to change the way I interact with my computer completely, I’m too fucking lazy for that and way too cozy where I am. They’re just a burden that I don’t want to deal with and I hope that that’s ok with you. Lmao
Of course it’s ok! You do whatever you want. Though I’d like to clear up a couple of misconceptions:
I don’t want to deal with images. I don’t want to have to be cleaning the system from those images to reclaim my storage.
You don’t have to, happens automatically.
I dislike flatpaks, snaps and appimage on which immutable distros rely.
Fair, though you don’t have to use them at all - you could run everything in a distrobox.
The lack of customization as you can’t modify system files or install traditional packages outside the immutable framework, which limits personal tweaks.
This really depends on what system files you mean. Anything in
/etc/? Fully writable. Everything is configurable either in your home directory or in/etc/, so I haven’t run into any issues with not being able to modify something - and if you do run into that, you always have distrobox.Apps availability, not all apps on the planet exist in flatpaks.
Don’t need to, you have distrobox for that.
The learning curve.
That’s fair. It’s been very small for me, and the issues have helped me become a better Linux developer, but it does bring its own problems in some cases.
Having to change the way I interact with my computer completely, I’m too fucking lazy for that and way too cozy where I am.
That’s the thing, I hear this a lot, and I just don’t know what the big changes are. I installed Kinoite, set up a distrobox, and have been smooth sailing since - all my previous installations have had far more issues, and I just haven’t really changed much (besides switching from Ubuntu to Fedora, but I’m happy about that, fuck Canonical).
I am a big fan of breaking my system
Stock fedora is just for you my man, it breaks by itself
deleted by creator
Arch doesn’t break by itself tho, well… If you don’t update it for few months then yes, it breaks by itself
deleted by creator
Manjaro enters the room…
I personally vastly prefer mutable distros for my own system, but I understand the appeal for those who like them. As long as mutable distros remain an option I don’t mind immutable distros.
As long as mutable distros remain an option
Precisely this, linux is about choice. It’s not like suddenly most distros would change init systems and make it near impossible to choose… oh, wait…
I prefer mutable and see immutable mostly as lazyness but if people wanna use’em go for it, i’m not pushing mutable down their throats.Linux isn’t about choice, it’s about freedom. Distro’s don’t owe you the choices you want, because the devs have the freedom to make what they want. You also have the freedom to modify them or make whatever distro you want.
is nixos considered immutable or mutable? kind of has characteristics of both.
nixos and guix are immutable and two of the only immutable distros I like
The store is immutable but the system itself definitely isn’t.
deleted by creator
Packages in nix are in the store directory, each package in a dir named after the package hash. So you can have 15 versions of firefox installed, for instance, and the different versions go in different folders with different hashnames.
When it’s time to set up a user env, their specific version of firefox is (conceptually) symlinked into the users profile. When that user executes firefox it gets one out of the 15 versions. Another user may get a different one.
Anyway, the package store is off limits to users, and a real bad idea to modify for root too.
deleted by creator
That’s not what sandboxed means and Nix isn’t sandboxed.
Sandboxed means it runs in a separate container, often with limited permissions; raising security at the cost of performance.
deleted by creator
I’d argue it’s closer to a mutable distro than an immutable one.
Nixos tends to lean on the term reproducible instead of immutable, because you can have settings (e.g files in /etc & ~/.config) changed outside of nix’s purview, it just won’t be reproducible and may be overwritten by nix.
You can build an ‘immutable’ environment on nix, but rather than storing changes as transactions like rpm-ostree, it’ll modify path in /nix/store and symlink it. Sure, you can store the internal representation of those changes in a git repo, but that is not the same thing as the changes themselves; if the nixpkgs implementation of a config option changes, the translation on your machine does too.
Nixos tends to lean on the term reproducible instead of immutable, because you can have settings (e.g files in /etc & ~/.config) changed outside of nix’s purview, it just won’t be reproducible and may be overwritten by nix.
Interesting. If possible, could you more explicitly draw comparisons on how this isn’t quite the same over on say Fedora Atomic? Like, sure changes of
/etcare (at least by default) being kept track of. But you indeed can change it.libostreedoesn’t even care what you do in your home folder. Thus, changes to e.g.~/.config(and everything else in/var[1]) are kept nowhere else by default.
- Which happens to be more crowded than on other distros as folders like
/optare actually found here as well.
~/.config is probably a poor comparison on my part; it’s management is actually done by home-manager rather than Nixos proper, and I can’t think of another OS that fills this same role.
Nixos generates (for example) /etc/systemd/network to a path in /nix/store and symlinks it to it’s appropriate locations. After the files are generated the appropriate /nix/store paths are (re-mounted? Over-mounted? I’m not sure the implementation) made read-only (by default), but anything that isn’t generated is absolutely both mutable and untracked, and that “not tracking everything in /etc” is more what I’m going on about.
If you use Nixos as intended (when you find that a package is lacking a config option you want, create your own nix option internally) the distro is effectively immutable, but if you use Nixos for anything moderately complex that changes frequently e.g. a desktop os, you eventually run into the choice: become competent enough to basically be a nixpkgs contributor, or abandon absolute immutability.
I think the first option is worth it, and did go down that route, but it is unreasonable to expect the average Linux consumer to do so, and so something like fedora atomic is going to remain more “immutable” for them than nixos.
This need to git gud is thankfully lessening with every commit to nixpkgs, and most people can already get to most places without writing their own set of nix options or learning how to parse //random markup language// into nix, but you’ll eventually run into the barrier.
- Which happens to be more crowded than on other distros as folders like
I remain interested in the immutables or atomic distros because I know a lot of smart people that swear by them.
I also don’t try them just yet because I know a lot of dumb people like me that end up breaking a lot of stuff before quitting them altogether.
They could be amazing and just not perfected yet or they may be a meme and no one’s proved it outright just yet. Will be lurking this thread either way lool :D
Yeah I think atomic is more appropriate but I’m not exactly sure what the difference is?
Immutable = Read-Only Root FS && Updates entire system image rather than individual files
Atomic = Updates as single transaction (all or no update) && Containerization w/ Rollback capabilityThis is quick summary from quick research pls correct where technically wrong.
If we’re asking what people mean when they use those descriptors, then you’re correct.
However, literally speaking, in this context, immutable only means read-only, and atomic only means that updates are applied all-at-once or not at all (no weird in-between state if your update crashes halfway through).
The rest of the features (rollbacks, containerization, and immutable meaning full system image updates) are typically implied, but not explicitly part of the definition.
I knew a real wizard would clarify sooner than later. Much obliged and keep up the good work anon!
That makes sense, bazzite is referred to as atomic (that’s what I meant in the above comment about atomic being more appropriate, forgot to add that context though lol) specifically instead of immutable. Bazzite updates like you said and you can always roll back, thank you for the explanation!
These distros are great for beginners or less technically savvy. They’re really just harder for people who have been using Linux forever and are very accustomed to the old ways.
Immutable vs Mutable weird normalMore like familiar and unfamiliar
Yeah that’s what they said
