I recently took up Bazzite from mint and I love it! After using it for a few days I found out it was an immutable distro, after looking into what that is I thought it was a great idea. I love the idea of getting a fresh image for every update, I think for businesses/ less tech savvy people it adds another layer of protection from self harm because you can’t mess with the root without extra steps.

For anyone who isn’t familiar with immutable distros I attached a picture of mutable vs immutable, I don’t want to describe it because I am still learning.

My question is: what does the community think of it?

Do the downsides outweigh the benefits or vice versa?

Could this help Linux reach more mainstream audiences?

Any other input would be appreciated!

  • lnxtx (xe/xem/xyr)
    138
    4 months ago

    Immutable doesn’t mean extremely secure. It’s a false sense of security.
    It could be more secure.
    But during runtime, it is possible to overwrite operational memory, mask some syscalls, etc.

    That’s my 3 cents.

    • Chewy
      21
      4 months ago

      Fully agreed. On almost any atomic distro, /home/user is writeable like usual, so any attacker is able to persist itself by editing ~/.bashrc and putting a binary somewhere.
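Added example, not part of any comment in this thread: a Python integrity check for the gap described above, where the image-managed root is read-only but files under the home directory that run at login are not. The watch list, function names and the temporary sample home directory are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Assumed watch list (not from the thread): user-writable locations that are
# read or executed at login, shell start, or session start.
WATCH_FILES = [".bashrc", ".bash_profile", ".profile", ".zshrc"]
WATCH_DIRS = [".config/autostart", ".config/systemd/user", ".local/bin"]


def fingerprint(path: Path) -> tuple:
    """Return (content id, executable?) without following symlinks."""
    if path.is_symlink():
        return ("link->" + os.readlink(path), False)
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    return (digest, bool(path.stat().st_mode & 0o111))


def snapshot(home: Path) -> dict:
    """Map each watched file (relative to home) to its fingerprint."""
    candidates = [home / name for name in WATCH_FILES]
    for rel_dir in WATCH_DIRS:
        base = home / rel_dir
        if base.is_dir():
            candidates.extend(sorted(base.rglob("*")))
    state = {}
    for path in candidates:
        if path.is_symlink() or path.is_file():
            state[path.relative_to(home).as_posix()] = fingerprint(path)
    return state


def compare(baseline: dict, current: dict) -> dict:
    """Report watched files that appeared, vanished, or changed."""
    shared = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in shared if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Run the check against a constructed home directory."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        (home / ".bashrc").write_text("alias ll='ls -l'\n")
        (home / ".local/bin").mkdir(parents=True)
        baseline = snapshot(home)

        # Constructed change: one extra line in .bashrc plus a new executable.
        with (home / ".bashrc").open("a") as fh:
            fh.write("~/.local/bin/updater &\n")
        tool = home / ".local/bin/updater"
        tool.write_text("#!/bin/sh\n")
        tool.chmod(0o755)

        return compare(baseline, snapshot(home))


if __name__ == "__main__":
    print(demo())
```

For real use, keep the baseline outside the home directory (for example on root-owned storage), since anything under /home can be rewritten by the same account that is being checked.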

    • @xylogx@lemmy.world
      2
      4 months ago

      Secure can also mean more resilient. The infosec C-I-A triangle has three legs. Confidentiality, Integrity and Availability. Immutable distros are more resilient and thus offer better availability in the face of attacks or accidents.

    • @vrighter@discuss.tchncs.de
      4
      4 months ago

      It doesn’t allow changes to stuff that needs root access to change. If you have root access you can do anything, including switching images. It is not more secure. It’s not less either.

  • @kibiz0r@midwest.social
    30
    4 months ago

    NixOS is kinda the best of both worlds, because it does everything in a way that is compatible with an immutable fs, but it doesn’t force you into abiding by immutability yourself.

    You can always opt into immutability by using Impermanence, but I’ve never seen any reason to.

    Edit: That said, the syntax has a steep learning curve and there are tons of annoying edge cases that spawn out of the measures it takes to properly isolate things. It can be a lot to micromanage, so if you’d rather just use your system more than tinker with it, it may not be a good fit.

      • @kibiz0r@midwest.social
        4
        4 months ago

        I suppose you’re right. It’s just another tool for helping you abide by immutable practices without forcing immutability as an unbreakable rule.

  • Glitterkoe
    8
    4 months ago

    I love building my own uBlue image. Tinkering is done in toolbox containers, definite changes are baked into the image. Completely custom (to me) and when you get it right it will just work anywhere. If I would brick my PC/storage I can just boot up another and restore my (back-upped) home dir with very little effort.

  • @Integrate777@discuss.online
    18
    4 months ago

    I heard both flatpak and immutability are obstacles to developers. How bad is it really?

    I’ve had NixOS absolutely refuse to run some compiler toolchain I depended upon that should’ve been dead simple on other distros, I’m really hesitant to try anything that tries to be too different anymore.

    • @FooBarrington@lemmy.world
      11
      4 months ago

      It would be a problem without distrobox. Since that gives you a normal, mutable OS on top, you don’t even notice the immutability.

    • @ivn@jlai.lu
      8
      4 months ago

      I’ve had NixOS absolutely refuse to run some compiler toolchain I depended upon that should’ve been dead simple on other distros, I’m really hesitant to try anything that tries to be too different anymore.

      Yes, some toolchains expect you to run pre-compiled dynamically linked binaries. These won’t work on NixOS, you need to either find a way to install the binary from nix and force the toolchain to use it or run patchelf on it somehow.

    • Chloë (she/her)
      1
      4 months ago

      Same issue, I still use nix on my laptop because it’s neat as can be, but I have to admit developing on nix can be quite a hassle if you don’t do it “the nix way”, moreover some packages don’t work as well because nix doesn’t link binaries the standard way (zed editor for example)

    • @priapus@sh.itjust.works
      6
      4 months ago

      NixOS likely only refused to run it because you weren’t running it in the Nix way. That’s not a jab or anything, Nix has a huge learning curve and requires doing a lot differently. You’re supposed to use devshells whenever doing development. If you want something to just work, you use a container.

      Whatever issue you ran into most likely had nothing to do with NixOS being immutable, and was probably caused by the non standard filesystem hierarchy, which prevents random dynamically linked binaries from running.

      I’ve never heard of flatpak and immutability being obstacles to developers, in fact I generally hear the opposite. Bluefin is primarily targeted at developers, and some apps, like Bottles, will only officially support the flatpak distribution because of the simplicity and benefits it brings over standard distro packaging.

    • YonderEpochs
      3
      4 months ago

      Feel like elaborating? I’ve been running it for a couple weeks and very happy so far. One nice little feature was how I can just scroll on top of the little sun icon in the taskbar and my monitors dim and brighten. But that’s prolly a Plasma thing more than anything else.

      • qaz
        4
        4 months ago

        That’s indeed a Plasma thing

        • @kurcatovium@lemm.ee
          2
          4 months ago

          I had to turn it off (which is easy in plasma) because I have two different monitors and they have different brightness, so it was either first one insanely bright to other one being normal or first being normal to second barely dim.

      • Kangy
        3
        4 months ago

        I use plasma and had no idea this was a thing. Thank you

        • YonderEpochs
          1
          4 months ago

          My new measure for intuitiveness of an interface - do half-drunk, clumsy fumblings with a mouse occasionally reveal a slick new feature I wasn’t aware of?

      • @prole@lemmy.blahaj.zone
        4
        4 months ago

        One thing I really like about Bazzite (compared to EndeavourOS which I ran before), is that it just works for gaming. Lots of little tweaks and stuff to get certain qol things working in EOS, are just installed and configured by default in Bazzite.

        The stability is super impressive… I used to rely on TimeShift on EOS to roll back when I broke shit (which was over and over, because that’s how I learn), and while it’s trivial to rollback on Bazzite, I’ve never even been close to needing to. It’s just hard to break (and if you do, just reboot it and everything is fine).

        It’s definitely more user friendly, but I wouldn’t say immutable like Bazzite is only for non-tech people.

        • YonderEpochs
          2
          4 months ago

          Thanks for the info! So far I’ve been enjoying those same characteristics. I spend my work day arguing with computers, so I have little patience for doing more of it when I’m off (more seriously, I carefully marshal my tech efforts outside of work as a long-term strategy against burnout). I appreciate how “out of the box” gaming (and anything else I’ve tried) works in Bazzite, and the stability has been great too. Though to be fair, def helps that it’s my first experience with Plasma which really makes the “feeling” of the OS pop, in an unfair way lol.

          • @prole@lemmy.blahaj.zone
            2
            4 months ago

            Plasma is awesome! The customizability is just off the charts.

            Yesterday I powered up my older laptop (running EndeavourOS) after not starting it up in several months. Had to install the updates in chunks because there were just too many, and the dependency situation was a nightmare… Anyway, got it all updated.

            and then next thing I know, I look at the clock and like 3 hours passed. I had been tinkering with shit, completely unnecessarily, for hours without realizing it. I don’t think I really accomplished anything, and in fact may have left it worse off than it was before I turned it on lol.

            So yeah, TONS of time saved using Bazzite, but there is that level of tinkering that I do miss at times (DistroBox can help with some things). I don’t even know if I’d say it’s something I “enjoy,” per-se… It just tickles my brain in a certain way that I don’t get elsewhere?

  • @Chimrod@jlai.lu
    8
    4 months ago

    For my needs, I’ve built a static system with buildroot for a pi zero. No updates, no modifications on the system, no remote access. Some directories are in tmpfs, and after a reboot the system is fresh again. When needed, I remove the SD card and copy a new image.

    I use this board for a pulseaudio/mpd player, it’s not intended for a desktop usage, but I’m happy being able to configure a system like this one. For me, there is no maintenance, and this is exactly what I wanted.

  • Magiilaro
    11
    4 months ago

    I am a huge fan of immutable distributions, not for my personal daily driver but for secondary systems like my living room/home theater PC.

  • @vga@sopuli.xyz
    8
    4 months ago

    I have investigated the idea and came to the conclusion that immutable distros are essentially a research project. They attempt to advance the state-of-art a slight bit but the cost is currently too great.

    Perhaps somebody will some day create something that’s worth switching to. But I don’t think that has happened yet, or is happening with any of the current distros. Silverblue might become that with enough polish, but I feel that to get that amount of polish, they would have to make Silverblue the 1st class citizen, i.e. the default install of Fedora.

  • Hemingways_Shotgun
    14
    4 months ago

    I don’t mind flatpaks in a pinch, but having to use them for literally every app on my computer is an unreasonable amount of bloat.

    • @IrritableOcelot@beehaw.org
      3
      4 months ago

      The barrier for me is that I use a lot of apps which require native messaging for inter-program communication (keepass browser, citation managers talking to Libreoffice, etc.), and the portal hasn’t been implemented yet. It’s been stuck in PR comment hell for years. Looks like it’s getting close, but flatpak-only is a hard no go for me until then.

      Even after that, I would worry about doing some Dev work on atomic distros, and I worry about running into other hard barriers in the future.

      • Hemingways_Shotgun
        10
        4 months ago

        Not when every app decides to use a different point version of the same damn platform.

        “Hello Mr. Application. I see you’d like to use the Freedesktop-SDK 23.08.27”

        “Oh…well hello other application. What’s this? You want to use Freedesktop-SDK 24.08.10? Well…I guess so…”

        Edited to add: Yes, I know that flatpaks will upgrade to use updated platforms. But it doesn’t automatically remove the old one, forcing you to have to run flatpak remove --unused every week just to keep your drive clean. That’s hardly user friendly for the average person.

        • @fruitycoder@sh.itjust.works
          2
          4 months ago

          I had a systemd unit that ran it weekly after the update one ran. I feel like the default behavior though should be automatic purge old unused runtimes though too. I don’t see why that wouldn’t be the case to me.

          I’ve even gone so far as wanting to force run time changes underneath the packs because of CVEs and such, but that’s my niche and puts security over function.

          Definitely not a free lunch sys admin wise, but it is still a marked improvement over native apps 98% of the time for me.

        • @SpatchyIsOnline@lemmy.world
          3
          4 months ago

          The average person has a 1tb+ drive and doesn’t care about a few hundred megabytes of bloat in a partition they will never look at. If someone is switching from Windows, every app having its dependencies self contained is mostly normal anyway (aside from the occasional system provided dll). The only people likely to care about removing old flatpak platforms are the kind of people who don’t mind running the command to remove them.

  • @penquin@lemm.ee
    11
    4 months ago

    I think it’s good if you have a ton of storage and want to set it and forget it. For me, immutable depresses me. I came to Linux for the tinkering and the ability to do what I please to my system, not to be restricted. That’s just me, though. For handhelds/strictly gaming machine (a Steam machine for example)? I think immutable is the perfect fit for it.

    • @FooBarrington@lemmy.world
      3
      4 months ago

      Do you have any examples of the kind of “tinkering” you couldn’t do with an immutable distro? I haven’t run into any restrictions after more than a year.

      • @penquin@lemm.ee
        1
        4 months ago

        You can’t even install packages using sudo. You can, but they’ll be overridden on next update.

        • @FooBarrington@lemmy.world
          1
          4 months ago

          … why would you want to install packages with sudo? The proper way is to install them (as a user, not root) using rpm-ostree, which will layer the packages on top of the image, automatically installing them for every future system as well.

          You haven’t actually looked into immutable distributions, have you?

          • @penquin@lemm.ee
            1
            4 months ago

            I admit that I didn’t know about how rpm-ostree is capable of what you mentioned, but I still don’t like immutables for the other reasons I’ve mentioned. I did look into them and I can’t use them. I like my regular distro

            • @FooBarrington@lemmy.world
              1
              4 months ago

              I keep hearing this, but people never elaborate on those “other reasons”. Did I miss where you mentioned them?

              You mentioned storage, but AFAIK atomic Fedora doesn’t use more space (unless you keep multiple versions for rolling back).

              • @penquin@lemm.ee
                1
                4 months ago

                I don’t want to deal with images. I don’t want to have to be cleaning the system from those images to reclaim my storage. I dislike flatpaks, snaps and appimage on which immutable distros rely. The lack of customization as you can’t modify system files or install traditional packages outside the immutable framework, which limits personal tweaks. Apps availability, not all apps on the planet exist in flatpaks. The learning curve. Having to change the way I interact with my computer completely, I’m too fucking lazy for that and way too cozy where I am. They’re just a burden that I don’t want to deal with and I hope that that’s ok with you. Lmao

                • @FooBarrington@lemmy.world
                  1
                  4 months ago

                  Of course it’s ok! You do whatever you want. Though I’d like to clear up a couple of misconceptions:

                  I don’t want to deal with images. I don’t want to have to be cleaning the system from those images to reclaim my storage.

                  You don’t have to, happens automatically.

                  I dislike flatpaks, snaps and appimage on which immutable distros rely.

                  Fair, though you don’t have to use them at all - you could run everything in a distrobox.

                  The lack of customization as you can’t modify system files or install traditional packages outside the immutable framework, which limits personal tweaks.

                  This really depends on what system files you mean. Anything in /etc/? Fully writable. Everything is configurable either in your home directory or in /etc/, so I haven’t run into any issues with not being able to modify something - and if you do run into that, you always have distrobox.

                  Apps availability, not all apps on the planet exist in flatpaks.

                  Don’t need to, you have distrobox for that.

                  The learning curve.

                  That’s fair. It’s been very small for me, and the issues have helped me become a better Linux developer, but it does bring its own problems in some cases.

                  Having to change the way I interact with my computer completely, I’m too fucking lazy for that and way too cozy where I am.

                  That’s the thing, I hear this a lot, and I just don’t know what the big changes are. I installed Kinoite, set up a distrobox, and have been smooth sailing since - all my previous installations have had far more issues, and I just haven’t really changed much (besides switching from Ubuntu to Fedora, but I’m happy about that, fuck Canonical).

  • @Grangle1@lemm.ee
    21
    4 months ago

    I personally vastly prefer mutable distros for my own system, but I understand the appeal for those who like them. As long as mutable distros remain an option I don’t mind immutable distros.

    • @0x0@programming.dev
      6
      4 months ago

      As long as mutable distros remain an option

      Precisely this, linux is about choice. It’s not like suddenly most distros would change init systems and make it near impossible to choose… oh, wait…
      I prefer mutable and see immutable mostly as laziness but if people wanna use ’em go for it, I’m not pushing mutable down their throats.

      • @priapus@sh.itjust.works
        6
        4 months ago

        Linux isn’t about choice, it’s about freedom. Distros don’t owe you the choices you want, because the devs have the freedom to make what they want. You also have the freedom to modify them or make whatever distro you want.

          • @pr06lefs@lemmy.ml
            2
            4 months ago

            Packages in nix are in the store directory, each package in a dir named after the package hash. So you can have 15 versions of firefox installed, for instance, and the different versions go in different folders with different hashnames.

            When it’s time to set up a user env, their specific version of firefox is (conceptually) symlinked into the users profile. When that user executes firefox it gets one out of the 15 versions. Another user may get a different one.

            Anyway, the package store is off limits to users, and a real bad idea to modify for root too.

    • @apt_install_coffee@lemmy.ml
      7
      4 months ago

      I’d argue it’s closer to a mutable distro than an immutable one.

      Nixos tends to lean on the term reproducible instead of immutable, because you can have settings (e.g. files in /etc & ~/.config) changed outside of nix’s purview, it just won’t be reproducible and may be overwritten by nix.

      You can build an ‘immutable’ environment on nix, but rather than storing changes as transactions like rpm-ostree, it’ll modify path in /nix/store and symlink it. Sure, you can store the internal representation of those changes in a git repo, but that is not the same thing as the changes themselves; if the nixpkgs implementation of a config option changes, the translation on your machine does too.

      • @jamesbunagna@discuss.online
        6
        4 months ago

        Nixos tends to lean on the term reproducible instead of immutable, because you can have settings (e.g files in /etc & ~/.config) changed outside of nix’s purview, it just won’t be reproducible and may be overwritten by nix.

        Interesting. If possible, could you more explicitly draw comparisons on how this isn’t quite the same over on say Fedora Atomic? Like, sure changes of /etc are (at least by default) being kept track of. But you indeed can change it. libostree doesn’t even care what you do in your home folder. Thus, changes to e.g. ~/.config (and everything else in /var[1]) are kept nowhere else by default.


        1. Which happens to be more crowded than on other distros as folders like /opt are actually found here as well.
        • @apt_install_coffee@lemmy.ml
          3
          4 months ago

          ~/.config is probably a poor comparison on my part; its management is actually done by home-manager rather than Nixos proper, and I can’t think of another OS that fills this same role.

          Nixos generates (for example) /etc/systemd/network to a path in /nix/store and symlinks it to its appropriate locations. After the files are generated the appropriate /nix/store paths are (re-mounted? Over-mounted? I’m not sure the implementation) made read-only (by default), but anything that isn’t generated is absolutely both mutable and untracked, and that “not tracking everything in /etc” is more what I’m going on about.

          If you use Nixos as intended (when you find that a package is lacking a config option you want, create your own nix option internally) the distro is effectively immutable, but if you use Nixos for anything moderately complex that changes frequently e.g. a desktop os, you eventually run into the choice: become competent enough to basically be a nixpkgs contributor, or abandon absolute immutability.

          I think the first option is worth it, and did go down that route, but it is unreasonable to expect the average Linux consumer to do so, and so something like fedora atomic is going to remain more “immutable” for them than nixos.

          This need to git gud is thankfully lessening with every commit to nixpkgs, and most people can already get to most places without writing their own set of nix options or learning how to parse //random markup language// into nix, but you’ll eventually run into the barrier.

  • tisktisk
    17
    4 months ago

    I remain interested in the immutables or atomic distros because I know a lot of smart people that swear by them.

    I also don’t try them just yet because I know a lot of dumb people like me that end up breaking a lot of stuff before quitting them altogether.

    They could be amazing and just not perfected yet or they may be a meme and no one’s proved it outright just yet. Will be lurking this thread either way lool :D

    • @Kroxx@lemm.eeOP
      2
      4 months ago

      Yeah I think atomic is more appropriate but I’m not exactly sure what the difference is?

      • tisktisk
        9
        4 months ago

        Immutable = Read-Only Root FS && Updates entire system image rather than individual files
        Atomic = Updates as single transaction (all or no update) && Containerization w/ Rollback capability

        This is quick summary from quick research pls correct where technically wrong.

        • @T0RB1T@lemmy.ca
          11
          4 months ago

          If we’re asking what people mean when they use those descriptors, then you’re correct.

          However, literally speaking, in this context, immutable only means read-only, and atomic only means that updates are applied all-at-once or not at all (no weird in-between state if your update crashes halfway through).

          The rest of the features (rollbacks, containerization, and immutable meaning full system image updates) are typically implied, but not explicitly part of the definition.

          • tisktisk
            3
            4 months ago

            I knew a real wizard would clarify sooner than later. Much obliged and keep up the good work anon!

        • @Kroxx@lemm.eeOP
          2
          4 months ago

          That makes sense, Bazzite is referred to as atomic (that’s what I meant in the above comment about atomic being more appropriate, forgot to add that context though lol) specifically instead of immutable. Bazzite updates like you said and you can always roll back, thank you for the explanation!

    • @chunkystyles@sopuli.xyz
      3
      4 months ago

      These distros are great for beginners or less technically savvy. They’re really just harder for people who have been using Linux forever and are very accustomed to the old ways.