I loved your video. What about the reproducible build distros? NixOS and GuixSD? I know you have NixOS but would be cool if you talk about GuixSD and a comparison between them.
Here's a small correction: NixOS doesn't necessarily require reboots to apply configurations (or update the system). `nixos-rebuild boot` makes the updated config available from the next boot onwards, whereas `nixos-rebuild switch` makes those changes take place right away.
I trust Vanilla OS, Pika OS, Fedora immutable spins and Endless OS more than NixOS. They are easier for me to work on. I'm a Fedora Linux user. So I don't want NixOS.
I like the NixOS concept, but I want to have a working ISO image on disk (offline/locally) to be able to install it whenever I need without relying on the internet all the time. Is there an easy way to do it with NixOS using a config file? I use Fedora Kinoite now, and I like it, can't go back to mutable distros ever.
One thing not mentioned here--in many cases, you can start with a base image and then apply a set of changes to customize your configuration. If you put those changes on a git server, then you now have a versioned record of everything you've done to configure your system. This is of course excellent for reproducibility, but it's also great for experimentation. You can try things out with complete security because if something goes wrong, you can simply revert your changes. I initially tried this out with universal blue, which provides support for customizing fedora silverblue, but then I switched to NixOS, which is really ideal for reproducibility + risk-free experimentation.
Yeah, this is precisely what attracts me to this concept of distros built from declarative configuration files. I have had to keep notes manually about what apps to install, what config changes to make, etc. for whenever I switch computers or refresh my OS. In fact, I have one such document for Linux, one for Firefox (fortunately these days most stuff is synced), one for Android, etc. There are way too many systems and apps that can be tweaked, extended and customized, and keeping track of all the changes is a never-ending challenge. Sometimes even distro upgrades mess up with a lot of such tweaks one accumulates over the years, often as the sum of experiments that happened to stick (so without planning and without documentation). Having a distro where the only way changes can be made is precisely through such documented, explicitly recorded system, would be a wonderful way to reduce the amount of manual bookkeeping I have to do to maintain my systems working as intended as circumstances change.
macOS is already doing this sort of thing on mainstream desktops with the introduction of the sealed system volume, so I think immutable distros probably can be made fairly seamless for regular users, so I do think the norm will move in that direction in the coming years
en.wikipedia.org/wiki/System_Integrity_Protection for reference. BSD and Linux have had variations on this feature for quite some time. I think Mac users are less affected because MacOS came with a hierarchy of /System /Library ~/Library that already allowed one to install system-wide (/Library) and user level files without putting things in /System well before they added SIP.
An "immutable" OS is very appealing to me as someone who regularly runs new and unknown software on their daily driver. I always keep a drive image as a backup, but I'd rather avoid the hassle in the first place! Plus the payload may already have gotten inside the image... and the one before that, and the one before that... 😅
I advise you all to watch the talks of Richard Brown, a developer at SUSE who is also the creator of openSUSE MicroOS, an immutable variant. He did a talk called "Why you should be running the MicroOS Desktop", where he explains why he considers MicroOS to be the "best" distribution; he still acknowledges the various disadvantages it can have and the problems that an immutable system still needs to resolve.
@@ButtflapJumpsuit I'm sorry but who is Dick Brown? Richard Brown is a distro architect at SUSE and created openSUSE Aeon (previously openSUSE MicroOS).
We already do, this is pretty much exactly how modern Android works. Current phones ship with two system partitions, "Slot A" and "Slot B". Without root, both partitions are read-only. Apps are installed into an overlay file system which can work with either "slot". When you do a system update, it builds the updated system partition into whichever "slot" is not active, then marks that "slot" as active, and reboots. If your bootloader is unlocked, you can even manually select which "slot" to boot from.
@@silverywingsagain I see now that there are some disadvantages. Usually in Android, the bootloader is locked and root is not always easy on every device. The companies can lock us out of their OS. Or it is our OS if we paid for it?
I bet 10 bucks that Apple would do the same thing and sell it as a "security update" while all they would do is to charge you extra to let you keep your files after a reboot.
Immutable distros certainly have their momentum, and there is a niche for that approach, but I don't think the classic approach will be gone anytime soon.
I use Fedora Kinoite and I love it. I love the immutable base and I'm used to working with containers. Kinoite makes it easy for me to keep track of what I installed on the base system and therefore keeps my system clean. If I wanna test something: spawn a podman container and delete the container after testing. Upgrading to a new version of Fedora is also extremely safe. If let's say you upgrade from version 38 to 39 you can rollback if something doesn't work properly in the new version. So having a bleeding edge system with this safety net is the perfect combination.
What I don't really get is, why you just don't use "normal" Fedora and install your apps in a podman container or just as flatpaks? So you have the best of both worlds. You can change your system if you want to but at the same time you can be sure, that your libraries / dependencies aren't going to get bricked by some updates or new apps that you installed. So what do you gain beside not being able to change your system to your liking or just by layering the packages onto the main system? Nick's conclusion is exactly the way I see it too.
@@vaisakh_km no. Having a container running doesn't take resources in itself. If no applications run in the container it won't take any resources just by being started. I think what you are referring to here is virtual machines: those take resources when they run.
In most cases, people should be rebooting any distro after updates. It's the only way to guarantee you're actually using all the new versions of apps & libraries. I've run into a lot of weird issues & instability, when I do not.
I wish every package manager did what zypper does and prompt you after an update to look at what all system components are actively running and are still using a now-deleted or overwritten version of a file. Being able to complete the update process != having the updates take effect.
I am using Ubuntu since what 14.04 or something (many, many, many years)? I barely ever restarted after applying the updates to my server and it always works...
@@igordasunddas3377 The software stack of a server is typically not as complex as a desktop, and not interacted with nearly as frequently, thus you're far less likely to notice any issues. That said, you probably went many long periods with updated software on disk not being used, while the system keeps humming along with the old versions still loaded in memory, leaving your system potentially vulnerable.
@@igordasunddas3377 it may work, but there will often be processes which are still running the old version. openSUSE tells you which processes need to be restarted which makes it easier, but on distros that don't do that it's better to just reboot every time.
I'm using debian bookworm right now with an arch distrobox container and it's honestly been a joy. Having the rolling release apps with the stability of debian. There are some awkward funny side effects but if you are somewhat experienced with linux it's pretty easy to overcome
@@jothain hahaha. I have all the slowness of LTS with all the instability of rolling release! Look upon my system in awe... Of how I thought this was a good idea... In all seriousness though, for my use case... I actually have arch break less than when I ran an LTS distro...
@@TheEclecticDyslexic Yeah. Like hilariously Ubuntu just borked with updates LTS version to remove GUI stuff or something, anyway making normal login impossible to desktop 🙂. Debian is insanely stable imo, but yeah in all fairness what I ran openSUSE rolling for quite awhile expecting something nasty to happen, it got boring. Would've kept it, but too many updates for my net connection. Fedora was the same. There indeed are a plethora of good quite bleeding edge distros around.
NixOS is great, it's reproducible and doesn't make your computer a guess-the-state mess. It's also great for configuring multiple devices the exact same way.
I like the NixOS concept, but I want to have a working ISO image on disk (offline/locally) to be able to install it whenever I need without relying on the internet all the time. Is there an easy way to do it with NixOS using a config file? I use Fedora Kinoite now, and I like it, can't go back to mutable distros ever.
My opinion on this, as someone who's still quite new to the Linux space, is that these would be good for less tech savvy people coming over to Linux. They put a focus on security and stability, and prioritise package managers over any other form of application installation. I think this is very valuable for people who don't really want to edit their system, and just want to be able to click about and do their work/home life. For people who want more control over their systems, asking them to use an immutable system would be a bit of a stretch. I'm thinking someone like my mum could use an immutable Linux as her home OS. She's very prone to breaking things by simply panicking and clicking the wrong things, and she's very good at finding the wrong stuff on the internet and getting viruses. Giving her an immutable system would help a lot, as she can't easily break the internals, and it gives her the stability and package security that she'd seriously benefit from. I think if these ironed out some of the more awkward workarounds that have to be done into more clean, easy solutions, immutable distributions could completely change the way the average computer user sees Linux
macOS is immutable in some way too. The OS files themselves are on a “system volume” which is mounted as a read only snapshot that is recompiled when there’s an update. That means you can reinstall macOS without losing any user files and applications. And it’s VERY difficult for any malware to interfere with core system functionality. macOS switched to this with Big Sur with previous versions bringing CoW APFS and separate system and user volumes similar to LVM.
That's good and all, though having data, /home, etc as separate partition from root is not new but has long been quite common in the world of unix-like systems. I have a spare laptop that I use for testing various distros where the /home partition has sat through almost a dozen installs with zero problems. Edit: typo
@@Sjoerd1993 Back when I used a jail broken iPhone, the root partition was actually not immutable but completely R/W and persistent, and rooted Android is mostly persistent as well, at least for the /data section that cannot be accessed normally, though the system partition is non persistent.
@@szr8 that has not been the case for several years. I’d post links but TH-cam…. If you search for “macOS signed system volume” you’ll find a number of Apple support documents about it as it has evolved over the last 3-4 years or thereabouts.
@@Sjoerd1993 You can lock down Windows to do the same. Through Group Policy and AD.
Immutable Distros are perfect for people who just want to have a stable and secure system. I play around with openSUSE Kalpa (MicroOS alpha variant with KDE Plasma) in a VM and I really like it so far. I'm currently on Debian, but I could see me using it in the future. Tumbleweed is already a great stable rolling release but combined with the stability of an immutable system, would make it perfect.
Very clear explanation. Thanks. I've been lucky that since 1998 when I first installed Slackware to now (Linux Mint and Tuxedo OS) I've never managed to break my entire system.
I like the NixOS concept, but I want to have a working ISO image on disk (offline/locally) to be able to install it whenever I need without relying on the internet all the time. Is there an easy way to do it with NixOS using a config file? I use Fedora Kinoite now, and I like it, can't go back to mutable distros ever.
@@themedleb I haven't tried but you could do a minimal base install from a ventoy USB, copy your config and home files and rebuild. That would be pretty fast. If I understand your question.
@@cjmoss51 as he's covered the other distros he talks about here in other videos. I was talking about the context in this particular video. I watched his NixOS video before I switched and his video contributed to my decision because he's a smart guy. He always asks for feedback and I think it was misleading to include NixOS with the other immutables.
The future is now for me since NixOS and openSUSE Kalpa are my daily drivers. Even my home lab server is an immutable operating system - openSUSE MicroOS.
The best immutable linux distro is a Linux Live disk on a read only CD Rom, which Linux Mint no longer supports, perhaps someday Chrome OS will, which would be a pretty secure distro.
ChromeOS sticks make perfect sense. Compared to setting things up, signing in to a Google account doesn't take that long and you can have stuff linked to say Google Drive instead of local storage. Just plug in to any system, enter network credentials and sign in.
Immutable distros are a likely future for the average person. Most people using a computer have no need for the kind of power that a traditional distro provides. They wanna browse the web, send emails and maybe use office. They don't need or want to see the stuff under the hood and having them accidentally break something is a real risk. A risk that immutable systems don't have. Silverblue is something I wanna give a whirl for myself one day. It's looking like it's quite reliable to use on the daily. Steam OS is also very cool. I'm hoping Valve release generic ISOs for that soon. Also, you can update packages on Fedora without a reboot. Updating through the terminal using DNF will just apply the update, no rebooting required. It'll be fine most of the time. I just let Fedora update when I shut down my PC though, so the reboot option works fine for me.
Cool, didn't know Linux had this tech too. Our current Virtual Desktop farm (multi user windows server) is built with the non-persistent principle. A small and clean golden image and the rest is added via app virtualization. Our future farm (W11/W12?) will use similar mechanisms. It's a bit of a learning curve in the beginning but we love the flexibility it gives us. I don't expect this to become a thing for personal users but maybe more for admins managing a lot of Linux desktops.
Can I ask how do you guys manage to share the GPU between multiple Virtual Desktops? All the enterprise solutions I found usually use NVIDIA GRID or don't share the GPU.
@@tablettablete186 hi, we actually have no apps that really require a GPU so it's not an issue for us. We never really checked out what's possible so I'm afraid I can't help you with this.
@@tablettablete186 I think Windows's Hyper-V has a method for GPU virtualization even on regular consumer GPUs, and it performs pretty well. Don't know of anything similar for Linux hosts though (well, I do, but none that perform as well)
So unless you are advanced user, Immutable Distro is just like security/backup upgrade (the "immutable" reminds me of kotlin). You just have to re-learn how to install & update a software/app, again from the beginning.. Which can be easy or hell depends on YOU, the user.
If everything actually works in the immutable distro (remote file sharing, sleep mode, Bluetooth, etc...) I could see them being better for a casual user like myself. My last attempt to use Linux on my daily desktop was an utter failure of a system going into a coma whenever it went to sleep. Of course, I'm still waiting for native HDR support before I try Linux again.
After 13-15 years of messing with Linux, I consider myself on the cusp of being an intermediate user (but still far away). I say that, because I can see that something like this would keep beginners from breaking their distro so easily. Problem is that it doesn't sound user friendly. Besides, you learn more about your system when you break it (hopefully by accident) and then try to fix it. Then there's the core concept of Linux (at least as I perceive it): the freedom to make it entirely your own. I don't see how an immutable Linux distro affords that ability.
My dad, who turns 83 this year, has an old laptop where Windows was the OS. I made him switch to Linux and an immutable system was the way to go, although I didn't. He lives a ways away but next time I see him I'm installing an immutable system on his laptop. This is great for companies using Linux as well. Haven't tried the distros myself but I do see the benefits of them and that the user won't mess things up as easily, whether it's for me I don't know, I'm fine with the way things are on my system.
Sorry, but end-users probably are the LAST group of people with the ability to mess anything up on linux (not like they'll be able to su or sudo, and if they're jailed it shouldn't have been a problem anyway)...so if you think you need it to any users: it's yourself as the admin you _really_ fear messing everything up.
@@DxBlack Guess you're right but I can't count the number of times my dad has messed something up on his PC, he's a tinkerer and always has been. Anyway I don't think it can hurt him in any way and if something was to go awry I get a chance to tinker myself 🙂
Immutable is the Android cognate of Linux. It's great for business usage, and for stable usage for things like Multi-Media creation workstations in corporate environments, and they're also great for newbies who are not only un-tech savvy, but don't know what Linux is about, and don't want a geek to babysit them so they don't break their install every few hours.
Immutable distros sure look like an interesting approach for servers or systems that need to be super duper stable. But right now I'm good with Debian testing (even if I sometimes want newer packages earlier...). Thank you for showing us what they can do!
09:20 Just as a heads-up, you don't need root privileges to update your image, just `rpm-ostree upgrade` will do. Same is true for installing/layering new packages ;-)
Interesting to see that Vanilla OS is in the process of rebasing from Ubuntu to Debian. Hopefully Linux Mint does the same soon (despite Clement Lefebvre's diplomatic statements about wanting to maintain a healthy working relationship with Canonical)....
They are gold for true Linux noobs. I remember playing with Ubuntu 10 years ago and the distro throughout years of trying different versions and updates after while would have the gui fail to launch. The Bluetooth would break. The same WIFI that I had used to download the update would not work after the update. Even now my HDR display would probably be useless on most distros. So far I have been using the steam deck to play Dragon Age Origins, and since cloud save doesn't work I've been using the Steam Deck as my main computer for about a month. Firefox does not full screen properly in game mode, and Chrome crashes pretty often, but the reboots are reasonably quick. HDR randomly turning off has been the only other drawback. I haven't noticed anything that would have let me know that it was immutable as I am probably the target audience for the Steam Deck. Oh, and the HDR fix is super simple, just turn it off and back on in settings then it works for a long time, not sure how long, I am not sure that issue happened more than one time or not. Either way it is seemingly acceptable. Would be nice if they made playing a walk-through while playing a game a little easier, but even that isn't that hard. Alt-tab would be nice though. No major complaints.
In Linux you reboot only when system libraries are updated. Basically when there's a kernel update. If something from your desktop is updated, you just need to logout and log back in. For some apps you just restart them. This might seem overwhelming for some so some distros opt to request a full system restart.
My father, a lifelong MS-DOS and Windows user, learned Linux in his final years - on Mint, as it happens. Age is only a number, as they say. I fully feel you on committing to what works, but never lose that human spirit of curiosity!
Latest Elive Linux has that covered in a nice way. On boot you can choose to boot in your standard system or into their so called "impermutable" system. The latter allows everything the normal system would, except that all changes will be lost after a reboot. It's great for testing intricate stuff that could break your system. 😇
In all honesty, for me immutable distros have been being the present (in the form of OSTree-based Fedora’s Universal Blue Kinoite and Sericea) for the last almost two years…
Thanks for this overview on immutable distros, Nick. I actually considered to put BlendOS onto a ThinkPad I would use exclusively for work but the handling of updates and stuff still feels weird to me. Maybe sticking with openSUSE Leap and snapshots is the smarter approach here? I don't know. But I like the concept a lot, especially since both BlendOS and VanillaOS try to get rid of the issue of where to obtain packages from since that's still an issue with say Arch having patches and changes Ubuntu users have no access to even with PPAs. At least flatpak compensates for that already a bit.
I can see immutable desktops being used by companies that need to maintain consistency throughout their user base. I can see something like NixOS being used because it can rebuild itself after each reboot.
Actually these immutable distros remind me of no-root docker containers. We even had an enterprise kubernetes cluster which enforced using only non-root images. I think they are quite common as server machine images as well.
It's never "one size fits all" or one way of doing things that fits everyone's needs. Immutable distros show off the power of Linux in what they bring to the table for those who want those things...and like all things Linux, they're just an option.
Re: updates - this is a feature that even some non-immutable distros like Garuda have as well thanks to full btrfs use. On Garuda in particular, btrfs snapshots are created every time “pacman -Syu” is run and every snapshot is added to your GRUB menu, so if some update breaks your system, just boot into an old snapshot and you’ll be prompted to restore it when it’s fully booted.
Immutable systems are inspired by how smartphone operating systems are already image-based. If you can deal with the whole OS as a single image, Secure Boot (or a future technology like it) becomes way more powerful. Antivirus software, while practically unnecessary now on Linux, will offer even less benefit on an immutable system because you can just restore the device with a reboot. Overall, I’m on board with the idea of immutable systems, but there is still enough to tinker with (e.g., graphics drivers doing funky things) to make these systems undesirable to large segments of the community.
I pretty much think that immutable distros are much better for enterprise workstations. It makes the work of the IT guys much easier since it is already locked down. Normal distro is still the best for home workstation....
Great video! I am wondering if running another distro inside the container of an immutable distro works better than virtual machines? It could be a good thing to check out other distros without having to reinstall the OS from scratch every time for bare metal vs possible limitations in VMs. I also think in some cases, tinkering with distros inside a container could provide more security. At some point I want to take the time to learn Arch and it's nice to know that if I break Arch, I still have a secure functioning OS where I can still do my daily tasks.
It doesn't really work like that. If you start an Arch container for example; this is one command to create it, another command to start it. Then you just install any packages you want and start those programs. You don't ever install or use the desktop that comes with Arch. You won't do much in terms of configuration or customisation. It is awesome but not even close to a full installation experience.
I've done something similar to this (the hard way) for years. I do all my banking on a VM that is itself as locked down and isolated as possible. Every time I use it, I revert it to its previous state. It's also on its own disk, and I cut power to it when it's not in use via an honest-to-goodness toggle switch (not a momentary switch). These new immutable distributions sound like they could take some of this manual effort out of my hands!
A nice to way it is: Traditional Linux distros are a distribution of packages that are managed by a.......package manager. "Immutable" Linux distros are a distribution of an operating system image on top of which you can install additional software.
These Immutable systems sound very cool and I wish I could adopt it. But in no way I'm going to jump into this rabbit hole of again trying to learn how to do basic stuff. Things should be easy and the user should be able to do it in a couple of clicks.
I don't think this will be the future for everyone, but it's amazing for enterprise and beginners. I'm honestly excited for what this tech can do for Linux on mobile.
This sounds a lot like a live Linux environment with a persistence “overlay” - this allows you to have read/write access to the whole OS while keeping the base OS image.
Following one of your previous videos, I tried NixOS as my desktop. I like what it's trying to do. But I had a show-stopper. KDESVN is something I use/rely-on. NixOS doesn't include it in its kde packages build. So I went down a several-day rabbit hole of trying to build it myself. I'm a retired software engineer, so not particularly bothered by the idea of building an app from sources. But after several days of banging my head against different brick walls in NixOS, I gave up. NixOS trades something I didn't know I needed for something that I did need.
I love a lot about the idea of immutable distros. Having my computer work like a fresh install all the time sounds great. But I worry that they give too much control to the distro makers. It feels like a step towards walled garden ecosystems. And I do quite strongly oppose that.
I used Nix for 2 years +. Had to use the rollback for some reason my PC doesn't like the stable kernel. So happy it works this good and even with ext4 and not forcing btrfs on you. Even tho I liked using that it wears more 'the filesystem'. The minus side is that you need to "collect your garbage" and it will take a large amount of space on your drive (the old generations) :)
Thank you for this informative tutorial presentation. I did try an immutable (Silverblue), but was stuck since the extra programs I needed were not available as flatpaks or within containers. I guess I am one year too early to be an immutable system user. I am a Fedora 38 user, and from day zero to today (4.5 months), I have had zero issues. Perhaps it is because of btrfs file system, or my being the sole user of my desktop system. I have not ever needed to roll-back any software I downloaded, but who knows about the future.
Hello, Good to hear that Fedora works great for you. Which software did you miss in containers? It should all be there, only the core components of your OS cannot come from within a container. But I have to admit that it is not trivial to work with containers, at least right now. I think that is something that needs and will improve in the upcoming years
@@matthiasbendewald1803 It did not work for me. I have 4 other partitions that I have and wanted to add to /etc/fstab, to be mounted at time of system boot but ... I then received information explaining how to add to the immutable /etc/fstab. So, I have an updated /etc/fstab and all is well.
My Development folders are shared across 5 distros on the same system. Each distro has its own boot drive, and all share a /Development, a /LinuxStuff, a /temp and /Backup. Each Devt system has its own /home. For now, Silverblue is not for me, (I think).
Currently on VanillaOS and it is a blast, at least for me who is using Linux mainly as an everyday machine rather than a workstation. It is something I can see preinstalled on devices in the near future and I hope they can pull all of their goals off. Their premise is great and I love what they accomplished, hopefully OS 2 will turn out even better than the first one. Thanks for the Video on this topic!
@@Skelterbane69 you can’t, they have intentions to at least bring KDE into the mix but currently only GNOME. If you look for another immutable, more friendly Distro, Silverblue/Kinoite especially with ublue and BlendOS are great too.
Tried Fedora Kinoite a few weeks ago. The first flatpak program I installed wouldn't run because of missing dependencies in the OS. The FIRST! 😂 Installed regular fedora workstation and decided to postpone immutable experiments for a while...
Immutable distros are too sterile for learners. If you can't mess it up then you can't understand it. I suppose this is a great thing for users that don't care how it works, as long as it works.
There's a reason why Chromebooks are doing pretty well in schools: system updates happening in the background without user interaction and without having to wait for the system to apply updates on shutdown or boot is perfect for people who are not computer savvy. Immutable distros are interesting for such users at least for the more seamless system updates.
The personal Chromebook I had (ie my own and not administered by anyone else) would only update on a reboot. I can't say I found it a hassle but if you count Chrome OS and Android as Linux then immutable Linux OSs are already in the ascendancy as they seem to work in the same basic way as the immutables. Back to the future!
I’m actually using a semi immutable OS right now; there’s a command to remove the immutableness and the home doesn’t get wiped, updating wipes changes but it’s convenient for a gaming focused “just works” PC.
I honestly think immutable OSes are better for new users and most intermediate users. The added stability, the ease of using flatpak and flathub as your single packaging system, not being allowed to screw up your system. All of these benefit newer users. I do think the concept of immutability goes against the idea of a free, and open system. But it seems like a better way of doing things for a lot of people. This is why I main Nix.
I think immutable distros make more sense for new computer users than anyone else on the desktop. Considering that they're essentially bulletproof, it's harder to break them than a traditional (Mac/Windows/Linux) system and many of them update automatically. It makes for a lot less headaches when you just want to give grandma a system that works.
+1 for NixOS. Once you get familiar with it and set it up, everything will just work while you don’t have to deal with down configuration conflict especially Docker and LXC.
Immutable distros are convenient not for pro users, but for vendors of appliances like Steam Deck. Each state of the system being deterministic and predictable means less bugs in the bugtracker, less angry users, less complaints, less bad reviews. If you are able to maintain your system by yourself - you don't need immutability.
Back in the day I worked for a small mom and pop PC repair place that sold some desktops with live cd OS’s only, the few people that bought them loved it because they stopped getting viruses and destroying their OS.
I use NixOS, but I actually use a tmpfs as rootfs, to guarantee that there are no changes to the filesystem which aren't specified in the config. On boot, it then bind mounts and symlinks paths which should be persisted, as well as some paths which can't be in the nix store, into place. BTW even my home directory is on the tmpfs. I just persist the XDG directories (Documents, Downloads, etc.) + some more, and the rest gets thrown away at reboot. Helps keep the number of dotfiles low.
Haiku is kinda-immutable too, but has an interesting scheme. The base system is distributed in the same .hpkg packages as regular software, and .hpkgs never unpack, but mount on boot kinda like Snaps but without cluttering mount list. To install a package, you don't even really need to use a package manager, you can just copy the package into /system/packages/. You can also install a package per-user, by copying it into ~/config/packages/, but this has no use as of right now, since the OS is single-user in R1.
I think the appeal of immutable distros is for businesses and government. It makes computers a whole lot more secure and predictable. Which is actually the selling point of ChromeOS, which Google is pushing towards enterprises lately. The beauty of other distros doing this means that enterprises and governments can roll their own with an extra layer.
I don't think these things will replace conventional distros for users who want to get into the entrails of their systems, but I think they might be good for people who want a reliable computer for doing their work and living their life with (I'm one of those). I've had a brief play with two immutables: Kinoite, because it was the only way I could do an install of Plasma v. 6.0 to try it out (I always seem to have problems with KDE/Plasma), and Endless OS. Both seem nice calm systems, and Endless, though still with a big education focus, now has a default interface designed for adults. I have a friend who's bright but definitely not tech oriented, and I'm beginning to think that Endless might be rather good for her. As I understand it, updating is like updating the OS on your phone, and lots of people are happy enough with that. And Flatpak works fine for non-technical software. These could be just the thing if there really is a surge of refugees from Microsoft.
Imo That's the future. Unified base, robust update and integrated backup. This won't be attractive to people who build from scratch, but for 99% of people, it will be good enough. Immutable distros are not as limited as people imagine
For me it's not. I hate flatpaks and snaps. Regular distributions are stable and secure enough. Immutable distros are a huge bloat, and they have usually worse performance, especially on lower end PCs.
@@matyasmarkkovacs8336 That's not entirely true. For example snap desktop represents significantly less overhead. At some point performance hit will be negligible. Traditional package managers aren't very stable, one dependency issue and you can nuke your entire desktop. Linux desktop needs something more stable and be able to be up-to-date at the same time.
@@dand337 Traditional package managers are very stable if you use a stable distribution. Sure, things can break on Arch, because it's bleeding edge, but on a Debian based distro like Linux Mint it is extremely rare. I've never experienced such a serious dependency issue that it could nuke my whole system.
I wouldn't use an immutable distribution. All it does is add complexity. I published something in the past year about how complex systems are bad and I stand by it. Mint doesn't have a box to reverse touchpad scroll direction which sounds completely irrelevant, but the point is programmers are making things "cool" but more difficult and problematic despite fundamental functions not being configurable at all without complex text file editing.
i've installed silverblue simply because i need something that i can always count on working for my school laptop. too many times have i created bigger issues trying to solve little ones
It's a different way of thinking how you set up a system. It also allows you or someone you trust to deploy systems that are tested and set up otb for the end user. The only issue I had with immutables is mullvad VPN client needing access to low level files even using OpenVPN but that's on me. I love them and the containerized workflows are excellent for dev work.
I had installed Silverblue on my second laptop; it worked fine for the most part, however there were things I haven't been able to do to this date, like use CUDA with PyTorch inside toolbox.
I loved your video.
What about the reproducible build distros? NixOS and GuixSD?
I know you have NixOS but it would be cool if you talked about GuixSD and did a comparison between them
I don’t see this being the future for me as I like the idea of updating my apps and directly doing things
KIOSK.
Here's a small correction- Nixos doesn't necessarily require reboots to apply configurations (or update the system).
nixos-rebuild boot makes the updated config available from the next boot onwards, whereas nixos-rebuild switch makes those changes take place right away.
I trust Vanilla OS, Pika OS, Fedora immutable spins, Endless OS more than NixOS. They are easier for me to work on. I'm a Fedora Linux user. So I don't want NixOS.
Yes, and in Fedora Silverblue same can be done with the terminal option/command apply-live
seems like many youtubers make this mistake 😅
I like the NixOS concept, but I want to have a working ISO image on disk (offline/locally) to be able to install it whenever I need without relying on the internet all the time. Is there an easy way to do it with NixOS using a config file? I use Fedora Kinoite now, and I like it, can't go back to mutable distros ever.
openSUSE Aeon (was MicroOS Desktop) also comes with the option to directly apply changes in the running system. It is not advised to do so, though...
One thing not mentioned here--in many cases, you can start with a base image and then apply a set of changes to customize your configuration. If you put those changes on a git server, then you now have a versioned record of everything you've done to configure your system. This is of course excellent for reproducibility, but it's also great for experimentation. You can try things out with complete security because if something goes wrong, you can simply revert your changes.
I initially tried this out with universal blue, which provides support for customizing fedora silverblue, but then I switched to NixOS, which is really ideal for reproducibility + risk-free experimentation.
Yeah, this is precisely what attracts me to this concept of distros built from declarative configuration files. I have had to keep notes manually about what apps to install, what config changes to make, etc. for whenever I switch computers or refresh my OS. In fact, I have one such document for Linux, one for Firefox (fortunately these days most stuff is synced), one for Android, etc. There are way too many systems and apps that can be tweaked, extended and customized, and keeping track of all the changes is a neverending challenge. Sometimes even distro upgrades mess up a lot of such tweaks one accumulates over the years, often as the sum of experiments that happened to stick (so without planning and without documentation). Having a distro where the only way changes can be made is precisely through such a documented, explicitly recorded system would be a wonderful way to reduce the amount of manual bookkeeping I have to do to maintain my systems working as intended as circumstances change.
“Are the future of Linux?”
Edit: This mistake in the title has since been corrected.
Dammit
huh ?
@@siliconhawk I think it was about the title
@@siliconhawk it was a mistake in the title that has since been corrected.
oh okay then thx @@WilburJaywright
macOS is already doing this sort of thing on mainstream desktops with the introduction of the sealed system volume, so I think immutable distros probably can be made fairly seamless for regular users, so I do think the norm will move in that direction in the coming years
en.wikipedia.org/wiki/System_Integrity_Protection for reference. BSD and Linux have had variations on this feature for quite some time. I think Mac users are less affected because MacOS came with a hierarchy of /System /Library ~/Library that already allowed one to install system-wide (/Library) and user level files without putting things in /System well before they added SIP.
@@jasonkenney2231 a link in a youtube comments section? how?
An "immutable" OS is very appealing to me as someone who regularly runs new and unknown software on their daily driver. I always keep a drive image as a backup, but I'd rather avoid the hassle in the first place!
Plus the payload may already have gotten inside the image... and the one before that, and the one before that... 😅
I advise you all to watch the talks of Richard Brown, a developer at SUSE who is also the creator of OpenSUSE MicroOS, an immutable variant.
He did a talk called "Why you should be running the MicroOS Desktop", where he explains why he considers MicroOS to be the "best" distribution; he still acknowledges the various disadvantages it can have and the problems that an immutable system still needs to resolve.
Are you saying that Dick Brown created MicroOS?
@@ButtflapJumpsuit I'm sorry but who is dick brown ?
Richard brown is a distro architect at SUSE and created OpenSUSE Aeon (previously OpenSUSE MicroOS).
I really like the idea of immutable distro. They have a lot of potential for the future. I hope we will have this for smartphone soon.
We already do, this is pretty much exactly how modern Android works. Current phones ship with two system partitions, "Slot A" and "Slot B". Without root, both partitions are read-only. Apps are installed into an overlay file system which can work with either "slot". When you do a system update, it builds the updated system partition into whichever "slot" is not active, then marks that "slot" as active, and reboots. If your bootloader is unlocked, you can even manually select which "slot" to boot from.
@@silverywingsagain I see now that there are some disadvantages. Usually in Android, the bootloader is locked and root is not always easy on every device. The companies can lock us out of their OS. Or it is our OS if we paid for it?
I bet 10 bucks that Apple would do the same thing and sell it as "security update" while all they would do is to charge you extra to let you keep your files after a reboot.
It already mostly is.
macOS already runs much like this.
macOS has already been doing it for a few years.
@@476429 yes, mostly. A few things can be done without an update, but it's not wrong, it's semi-immutable
Linux users try to go one second without bringing up Apple or Microsoft challenge (IMPOSSIBLE)
Immutable distros certainly have their momentum, and there is a niche for that approach, but i don't think the classic approach will be gone anytime soon.
I was gonna say; sounds cool, but what does it do for me as an everyday EndeavourOS user?
I use Fedora Kinoite and i love it. I love the immutable base and im used to work with containers. Kinoite makes it easy for me to keep track of what i installed on the base system and therefore keeps my system clean. If i wanna test something: spawn a podman container and delete the container after testing.
Upgrading to a new version of fedora is also extremely safe. If let's say you upgrade from version 38 to 39 you can rollback if something doesnt work properly in the new version. So having a bleeding edge system with this safety net is the perfect combination.
Are immutable distros good for laptops? A lot of containers running will take up a lot of power, right?
What I don't really get is why you don't just use "normal" fedora and install your apps in a podman container or just as flatpaks? So you have the best of both worlds. You can change your system if you want to but at the same time you can be sure that your libraries / dependencies aren't going to get bricked by some updates or new apps that you installed. So what do you gain besides not being able to change your system to your liking or just by layering the packages onto the main system? Nick's conclusion is exactly the way I see it too.
@@vaisakh_km no. Having a container running doesn't take resources in itself. If no applications run in the container it won't take any resources just by being started. I think what you are referring to here is virtual machines: those take resources when they run.
@@vaisakh_km A container is not a VM.
In most cases, people should be rebooting any distro after updates. It's the only way to guarantee you're actually using all the new versions of apps & libraries. I've run into a lot of weird issues & instability, when I do not.
I just update before I shut my pc off, before I go to bed.
Pretty simple.
I wish every package manager did what zypper does and prompt you after an update to look at what all system components are actively running and are still using a now-deleted or overwritten version of a file.
Being able to complete the update process != having the updates take effect.
I am using Ubuntu since what 14.04 or something (many, many, many years)? I barely ever restarted after applying the updates to my server and it always works...
@@igordasunddas3377 The software stack of a server is typically not as complex as a desktop, and not interacted with nearly as frequently, thus you're far less likely to notice any issues. That said, you probably went many long periods with updated software on disk not being used, while the system keeps humming along with the old versions still loaded in memory, leaving your system potentially vulnerable.
@@igordasunddas3377 it may work, but there will often be processes which are still running the old version. OpenSUSE tells you which processes need to be restarted which makes it easier, but on distros that don't do that it's better to just reboot every time.
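The point made in the replies above, that a process keeps running the old copy of a library after an update replaces it on disk, can be checked on any Linux system by looking for executable mappings marked `(deleted)` in `/proc/<pid>/maps`. The sketch below is an added example, not something posted by a commenter and not how zypper implements its check; the names `stale_mappings`, `scan_proc` and `SAMPLE_MAPS` and the sample data are constructed for illustration.

```python
"""Find processes still executing code from files that were replaced on disk."""
import os

DELETED = " (deleted)"
# Shared-memory style mappings that show up as "(deleted)" in normal
# operation, with no package update involved.
IGNORED_PREFIXES = ("/memfd:", "/dev/", "/SYSV", "/[aio]")


def stale_mappings(maps_text):
    """Return sorted paths of executable mappings whose backing file is gone."""
    stale = set()
    for line in maps_text.splitlines():
        # Columns: address perms offset dev inode pathname
        # (the pathname may itself contain spaces, hence maxsplit=5).
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        perms, path = fields[1], fields[5]
        if "x" not in perms or not path.endswith(DELETED):
            continue
        path = path[: -len(DELETED)]
        if path.startswith(IGNORED_PREFIXES):
            continue
        stale.add(path)
    return sorted(stale)


def scan_proc(proc_root="/proc"):
    """Map pid -> (command name, stale paths) for every readable process."""
    findings = {}
    if not os.path.isdir(proc_root):
        return findings
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "maps")) as fh:
                stale = stale_mappings(fh.read())
            with open(os.path.join(base, "comm")) as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited, or not readable without root
        if stale:
            findings[int(entry)] = (name, stale)
    return findings


# Constructed sample of /proc/<pid>/maps for a daemon started before an
# update replaced libcrypto on disk. Not captured from a real system.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a9f000 r-xp 00000000 08:02 131201   /usr/sbin/sshd
7f3a10000000-7f3a101c5000 r-xp 00000000 08:02 262912   /usr/lib/x86_64-linux-gnu/libcrypto.so.3 (deleted)
7f3a10400000-7f3a10401000 rw-p 001c5000 08:02 262912   /usr/lib/x86_64-linux-gnu/libcrypto.so.3 (deleted)
7f3a10800000-7f3a10822000 r-xp 00000000 08:02 262950   /usr/lib/x86_64-linux-gnu/libz.so.1.2.13
7f3a10c00000-7f3a10c01000 rwxs 00000000 00:01 4021     /memfd:jit-cache (deleted)
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0        [stack]
"""

if __name__ == "__main__":
    print("sample:", stale_mappings(SAMPLE_MAPS))
    for pid, (name, paths) in sorted(scan_proc().items()):
        print(pid, name, ", ".join(paths))
```

Run as root to see every process; an unprivileged run only covers processes owned by the current user.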
I'm using debian bookworm right now with an arch distrobox container and it's honestly been a joy. Having the rolling release apps with the stability of debian. There are some awkward funny side effects but if you are somewhat experienced with linux it's pretty easy to overcome
Lol, I initially read that the exact opposite and was like "what the f is this guy trying to accomplish?" 😀
@@jothain Yeah the opposite would be pretty weird ngl, my somewhat broken English might have thrown you off, my bad
@@p3rtang No, not at all. Likely my non-native English skills made trick to me trying to read fast. Reading again I realized what you actually meant 🙂
@@jothain hahaha. I have all the slowness of LTS with all the instability of rolling release! Look upon my system in awe... Of how I thought this was a good idea...
In all seriousness though, for my use case... I actually have arch break less than when I ran an LTS distro...
@@TheEclecticDyslexic Yeah. Like hilariously Ubuntu just borked with updates LTS version to remove GUI stuff or something, anyway making normal login impossible to desktop 🙂. Debian is insanely stable imo, but yeah in all fairness what I ran openSUSE rolling for quite awhile expecting something nasty to happen, it got boring. Would've kept it, but too much updates for my net connection. Fedora was the same. There indeed are plethora of good quite bleeding edge distros around.
NixOS is great, it's reproducible and doesn't make your computer a guess-the-state mess.
It's also great for configuring multiple devices the exact same way.
Yeah Nix is wonderful
I really wanted to switch to it... But i am afraid whether it is another year long rabbit hole i am getting into...
I like the NixOS concept, but I want to have a working ISO image on disk (offline/locally) to be able to install it whenever I need without relying on the internet all the time. Is there an easy way to do it with NixOS using a config file? I use Fedora Kinoite now, and I like it, can't go back to mutable distros ever.
@@vaisakh_km This!
@@themedleb unfortunately not, NixOS needs internet to install packages and it has almost nothing by default.
I don't know if this will take over regular Linux desktop, but this is probably the way for future linux mobile.
My opinion on this, as someone who's still quite new to the Linux space, is that these would be good for less tech savvy people coming over to Linux. They put a focus on security and stability, and prioritise package managers over any other form of application installation. I think this is very valuable for people who don't really want to edit their system, and just want to be able to click about and do their work/home life. For people who want more control over their systems, asking them to use an immutable system would be a bit of a stretch.
I'm thinking someone like my mum could use an immutable Linux as her home OS. She's very prone to breaking things by simply panicking and clicking the wrong things, and she's very good at finding the wrong stuff on the internet and getting viruses. Giving her an immutable system would help a lot, as she can't easily break the internals, and it gives her the stability and package security that she'd seriously benefit from. I think if these ironed out some of the more awkward workarounds that have to be done into more clean, easy solutions, immutable distributions could completely change the way the average computer user sees Linux
macOS is immutable in some way too. The OS files themselves are on a “system volume” which is mounted as a read only snapshot that is recompiled when there’s an update. That means you can reinstall macOS without losing any user files and applications. And it’s VERY difficult for any malware to interfere with core system functionality. macOS switched to this with Big Sur with previous versions bringing CoW APFS and separate system and user volumes similar to LVM.
That's good and all, though having data, /home, etc as separate partition from root is not new but has long been quite common in the world of unix-like systems.
I have a spare laptop that I use for testing various distros where the /home partition has sat through almost a dozen installs with zero problems.
Edit: typo
MacOS, Android and iOS are all immutable. The only major OS that isn't is Microsoft Windows, and most Linux distros.
@@Sjoerd1993 Back when I used a jail broken iPhone, the root partition was actually not immutable but completely R/W and persistent, and rooted Android is mostly persistent as well, at least for the /data section that cannot be accessed normally, though the system partition is non persistent.
@@szr8 that has not been the case for several years. I’d post links but YouTube….
If you search for “macOS signed system volume” you’ll find a number of Apple support documents about it as it has evolved over the last 3-4 years or thereabouts.
@@Sjoerd1993 You can lock down Windows to do the same. Through Group Policy and AD.
Immutable Distros are perfect for people who just want to have a stable and secure system. I play around with OpenSuse Kalpa (MicroOs alpha variant with KDE Plasma) in a VM and I really like it so far. I'm currently on Debian, but I could see me using it in the future. Tumbleweed is already a great stable rolling release but combined with the stability of an immutable system, would make it perfect.
Very clear explanation. Thanks. I've been lucky that since 1998 when I first installed Slackware to now (Linux Mint and Tuxedo OS) I've never managed to break my entire system.
Wow
+1 for NixOS.
It's too bad you lumped it with the other immutables because it doesn't suffer the drawbacks you mentioned (except learning curve).
I like the NixOS concept, but I want to have a working ISO image on disk (offline/locally) to be able to install it whenever I need without relying on the internet all the time. Is there an easy way to do it with NixOS using a config file? I use Fedora Kinoite now, and I like it, can't go back to mutable distros ever.
@@themedleb I haven't tried but you could do a minimal base install from a ventoy USB, copy your config and home files and rebuild. That would be pretty fast. If I understand your question.
He has an entire video just on NixOS. He has definitely covered this.
@@cjmoss51 as he's covered the other distros he talks about here in other videos. I was talking about the context in this particular video. I watched his NixOS video before I switched and his video contributed to my decision because he's a smart guy. He always asks for feedback and I think it was misleading to include NixOS with the other immutables.
The future is now for me since Nixos and OpenSuse kalpa are my daily drivers. Even my home lab server is an immutable operating system - OpenSuse micro os.
0:09 missed opportunity to say “what the FOSS is all about”
The best immutable linux distro is a Linux Live disk on a read only CD Rom, which Linux Mint no longer supports, perhaps someday Chrome OS will, which would be a pretty secure distro.
Puppy Linux
ChromeOS sticks make perfect sense. Compared to setting things up, signing in to a Google account doesn't take that long and you can have stuff linked to say google drive instead of local storage. Just plug in to any system, enter network credentials and sign in.
CD ROM? Why not use a floppy disk (diskette) instead?
Have you tried u-blue.
@@replikvltyoutube3727 EasyOS. Not only a "pioneer" of "immutability", but also of containerisation. Also from Barry Kauler
Immutable distros are a likely future for average person. Most people using a computer have no need for the kind of power that a traditional distro provides. They wanna browse the web, send emails and maybe use office. They don't need or want to see the stuff under the hood and having them accidentally break something is a real risk. A risk that immutable systems don't have.
Silverblue is something I wanna give a whirl for myself one day. It's looking like it's quite reliable to use on the daily. Steam OS is also very cool. I'm hoping Valve release generic ISOs for that soon.
Also, you can update packages on Fedora without a reboot. Updating through the terminal using DNF will just apply the update, no rebooting required. It'll be fine most of the time. I just let Fedora update when I shut down my PC though, so the reboot option works fine for me.
Cool, didn't know linux had this tech too. Our current Virtual Desktop farm (multi user windows server) is built with the non-persistent principle. A small and clean golden image and the rest is added via app virtualization. Our future farm (W11/W12?) will use similar mechanisms. It's a bit of a learning curve in the beginning but we love the flexibility it gives us.
I don't expect this to become a thing for personal users but maybe more for admins managing a lot of linux desktops.
Yeah probably for workstations where you want to make sure you don’t have to fix things all the time!
Can I ask how do you guys manage to share the GPU between multiple Virtual Desktops?
All the enterprise solutions I found usually use NVIDIA GRID or don't share the GPU.
@@tablettablete186 hi, we actually have no apps that really require a GPU so it's not an issue for us. We never really checked out what's possible so i'm afraid I can't help you with this.
@@IgorEngelen1974 Sad, but thanks for responding! I guess I will continue on my search!
@@tablettablete186 I think Windows's Hyper-V has a method for GPU virtualization even on regular consumer GPUs, and it performs pretty well. Don't know of anything similar for Linux hosts though (well, I do, but none that perform as well)
So unless you are advanced user, Immutable Distro is just like security/backup upgrade (the "immutable" reminds me of kotlin).
You just have to re-learn how to install & update a software/app, again from the beginning.. Which can be easy or hell depends on YOU, the user.
If everything actually works in the immutable distro (remote file sharing, sleep mode, Bluetooth, etc...) I could see them being better for a casual user like myself. My last attempt to use Linux on my daily desktop was an utter failure of a system going into a coma whenever it went to sleep. Of course, I'm still waiting for native HDR support before I try Linux again.
After 13-15 years of messing with Linux, I consider myself on the cusp of being an intermediate user (but still far away). I say that, because I can see that something like this would keep beginners from breaking their distro so easily. Problem is that it doesn't sound user friendly. Besides, you learn more about your system when you break it (hopefully by accident) and then try to fix it. Then there's the core concept of Linux (at least as I perceive it): the freedom to make it entirely your own. I don't see how an immutable Linux distro affords that ability.
Fedora Kinoite still allows you to install themes and customize your distro. Although with gnome that's not really an option
My dad, who turns 83 this year, has an old laptop where Windows was the OS. I made him switch to linux and an immutable system was the way to go, although I didn't. He lives a ways away but next time I see him I'm installing an immutable system on his laptop. This is great for companies using linux as well. Haven't tried the distros myself but I do see the benefits of them and that the user won't mess things up as easily, whether it's for me I don't know, I'm fine with the way things are on my system.
Sorry, but end-users probably are the LAST group of people with the ability to mess anything up on linux (not like they'll be able to su or sudo, and if they're jailed it shouldn't have been a problem anyway)...so if you think you need it to any users: it's yourself as the admin you _really_ fear messing everything up.
@@DxBlack Guess you're right but I can't count the number of times my dad has messed something up on his PC, he's a tinkerer and always has been. Anyway I don't think it can hurt him in any way and if something was to go awry I get a chance to tinker myself 🙂
Immutable is the Android cognate of Linux. It's great for business usage, and for stable usage for things like Multi-Media creation workstations in corporate environments, and they're also great for newbies who are not only un-tech savvy, but don't know what Linux is about, and don't want a geek to babysit them so they don't break their install every few hours.
Immutable distros sure look like an interesting approach for servers or systems that need to be super duper stable. But right now I'm good with Debian testing (even if I sometimes want newer packages earlier...).
Thank you for showing us what they can do!
Jail breaking will be what people will be doing.
09:20 Just as a heads-up, you don't need root privileges to update your image, just `rpm-ostree upgrade` will do. Same is true for installing/layering new packages ;-)
Interesting to see that Vanilla OS is in the process of rebasing from Ubuntu to Debian. Hopefully Linux Mint does the same soon (despite Clement Lefebvre's diplomatic statements about wanting to maintain a healthy working relationship with Canonical)....
Or move to rocky linux
Linux mint already have a flavour based on Debian
Silverblue user here... for the last year. According to Matt from Fedora... they ARE the future for Fedora. The benefits way surpass the issues.
They are gold for true Linux noobs. I remember playing with Ubuntu 10 years ago and the distro throughout years of trying different versions and updates after while would have the gui fail to launch. The Bluetooth would break. The same WIFI that I had used to download the update would not work after the update. Even now my HDR display would probably be useless on most distros. So far I have been using the steam deck to play Dragon Age Origins, and since cloud save doesn't work I've been using the Steam Deck as my main computer for about a month. Firefox does not full screen properly in game mode, and Chrome crashes pretty often, but the reboots are reasonably quick. HDR randomly turning off has been the only other drawback. I haven't noticed anything that would have let me know that it was immutable as I am probably the target audience for the Steam Deck. Oh, and the HDR fix is super simple, just turn it off and back on in settings then it works for a long time, not sure how long, I am not sure that issue happened more than one time or not. Either way it is seemingly acceptable. Would be nice if they made playing a walk-through while playing a game a little easier, but even that isn't that hard. Alt-tab would be nice though. No major complaints.
In Linux you reboot only when system libraries are updated. Basically when there's a kernel update. If something from your desktop is updated, you just need to logout and log back in. For some apps you just restart them. This might seem overwhelming for some so some distros opt to request a full system restart.
Great video mate, awesome summary of the immutable Linux landscape at present and how it can be used.
Nah, I've got a one-track mind, I like Linux Mint!! Gone are the days when I used to be curious, I'm getting old now. 😊
My father, a lifelong MS-DOS and Windows user, learned Linux in his final years - on Mint, as it happens. Age is only a number, as they say.
I fully feel you on committing to what works, but never lose that human spirit of curiosity!
Latest Elive Linux has that covered in a nice way. On boot you can choose to boot in your standard system or into their so called "impermutable" system. The latter allows everything the normal system would, except that all changes will be lost after a reboot. It's great for testing intricate stuff that could break your system. 😇
i gotta say, u are one of the few youtubers that has the ltt segue skills.
I like knowing that my system won't be unusable anytime soon
In all honesty, for me immutable distros have been being the present (in the form of OSTree-based Fedora’s Universal Blue Kinoite and Sericea) for the last almost two years…
Are you usually dishonest?
@@mavfan1 ostree has been a thing for around a decade. I’ve been running it since F35.
Thanks for this overview on immutable distros, Nick.
I actually considered to put BlendOS onto a ThinkPad I would use exclusively for work but the handling of updates and stuff still feels weird to me.
Maybe sticking with openSuSE Leap and snapshots is the smarter approach here? I don't know.
But I like the concept a lot, especially since both BlendOS and VanillaOS try to get rid of the issue of where to obtain packages from since that's still an issue with say Arch having patches and changes Ubuntu users have no access to even with PPAs.
At least flatpak compensates for that already a bit.
that sponsor segue was not unexpected but smooth 😂
I can see immutable desktops being used by companies that need to maintain consistency throughout their user base. I can see something like NixOS being used because it can rebuild itself after each reboot.
Still loving my so simple Vanilla OS.
Actually these immutable distros remind me to no-root docker containers. We even had an enterprise kubernetes cluster which enforced using only non-root images. I think they are quite common as server machine images as well.
It's never "one size fits all" or one way of doing things that fits everyone's needs. Immutable distros show off the power of Linux in what they bring to the table for those who want those things...and like all things Linux, they're just an option.
Exactly!
ChromeOS is an example of a super-immutable Linux distribution
This looks like a good foundation for appliances - after all, Linux underlying Android phones, Kindles, routers etc are essentially immutable.
Re: updates - this is a feature that even some non-immutable distros like Garuda have as well thanks to full btrfs use. On Garuda in particular, btrfs snapshots are created every time “pacman -Syu” is run and every snapshot is added to your GRUB menu, so if some update breaks your system, just boot into an old snapshot and you’ll be prompted to restore it when it’s fully booted.
Immutable systems are inspired by how smartphone operating systems are already image-based. If you can deal with the whole OS as a single image, Secure Boot (or a future technology like it) becomes way more powerful. Antivirus software, while practically unnecessary now on Linux, will offer even less benefit on an immutable system because you can just restore the device with a reboot. Overall, I’m on board with the idea of immutable systems, but there is still enough to tinker with (e.g., graphics drivers doing funky things) to make these systems undesirable to large segments of the community.
I pretty much think that immutable distros are much better for enterprise workstations. It makes the work of the IT guys much easier since it is already locked down. Normal distro is still the best for home workstation....
Great video! I am wondering if running another distro inside the container of an immutable distro works better than virtual machines? It could be a good thing to check out other distros without having to reinstall the OS from scratch every time for bare metal vs possible limitations in VMs.
I also think in some cases, tinkering with distros inside a container could provide more security. At some point I want to take the time to learn Arch and it's nice to know that if I break Arch, I still have a secure functioning OS where I can still do my daily tasks.
It doesn't really work like that. If you start an Arch container, for example, this is one command to create it, another command to start it. Then you just install any packages you want and start those programs. You don't ever install or use the desktop that comes with Arch. You won't do much in terms of configuration or customisation.
It is awesome but not even close to full installation experience.
I've done something similar to this (the hard way) for years. I do all my banking on a VM that is itself as locked down and isolated as possible. Every time I use it, I revert it to its previous state. It's also on its own disk, and I cut power to it when it's not in use via an honest-to-goodness toggle switch (not a momentary switch). These new immutable distributions sound like they could take some of this manual effort out of my hands!
A nice way to put it is:
Traditional Linux distros are a distribution of packages that are managed by a.......package manager
"Immutable" Linux distros are a distribution of an operating system image on top of which you can install additional software
These Immutable systems sound very cool and I wish I could adopt it. But in no way I'm going to jump into this rabbit hole of again trying to learn how to do basic stuff. Things should be easy and the user should be able to do it in a couple of clicks.
I don't think this will be the future for everyone, but it's amazing for enterprise and beginners. I'm honestly excited for what this tech can do for Linux on mobile.
this video so good, i have to re-watch it and take serious notes.
This sounds a lot like a live Linux environment with a persistence “overlay” - this allows you to have read/write access to the whole OS while keeping the base OS image.
Following one of your previous videos, I tried NixOS as my desktop. I like what it's trying to do. But I had a show-stopper. KDESVN is something I use/rely on. NixOS doesn't include it in its KDE packages build. So I went down a several-day rabbit hole of trying to build it myself. I'm a retired software engineer, so not particularly bothered by the idea of building an app from sources. But after several days of banging my head against different brick walls in NixOS, I gave up. NixOS trades something I didn't know I needed for something that I did need.
I love a lot about the idea of immutable distros. Having my computer work like a fresh install all the time sounds great. But I worry that they give too much control to the distro makers. It feels like a step towards walled garden ecosystems. And I do quite strongly oppose that.
I used Nix for 2+ years. Had to use the rollback; for some reason my PC doesn't like the stable kernel. So happy it works this well, even with ext4 and without forcing btrfs on you. Even though I liked using that, it wears more 'the filesystem'. The minus side is that you need to "collect your garbage", and it will take a large amount of space on your drive (the old generations) :)
Thank you for this informative tutorial presentation. I did try an immutable (Silverblue), but was stuck since the extra programs I needed were not available as Flatpaks or within containers.
I guess I am one year too early to be an immutable system user.
I am a Fedora 38 user, and from day zero to today (4.5months), I have had zero issues. Perhaps it is because of btrfs file system, or my being the sole user of my desktop system.
I have not ever needed to roll-back any software I downloaded, but who knows about the future.
Hello,
Good to hear that Fedora works great for you.
Which software did you miss in containers? It should all be there, only the core components of your OS cannot come from within a container. But I have to admit that it is not trivial to work with containers, at least right now. I think that is something that needs to and will improve in the upcoming years.
@matthiasbendewald1803 It did not work for me. I have 4 other partitions that I have and wanted to add to /etc/fstab, to be mounted at time of system boot but ...
I then received information explaining how to add to the immutable /etc/fstab. So, I have an updated /etc/fstab and all is well.
My Development folders are shared across 5 distros on the same system.
Each distro has its own boot drive, and all share a /Development, a /LinuxStuff, a /temp and /Backup.
Each Devt system has its own /home.
For now, Silverblue is not for me, (I think).
Immutable Linux distros go against the Linux ethos of being able to change everything
You’re still able to change things, just not at runtime
Currently on VanillaOS and it is a blast, at least for me who is using Linux mainly as an everyday machine rather than a workstation. It is something I can see preinstalled on devices in the near future and I hope they can pull all of their goals off. Their premise is great and I love what they accomplished, hopefully OS 2 will turn out even better than the first one. Thanks for the video on this topic!
I tried Vanilla on my old laptop and it worked really well.
The only thing I hated was the gnome DE.
Idk if or how you could change it.
@Skelterbane69 you can’t, they have intentions to at least bring KDE into the mix but currently only GNOME.
If you look for another immutable, more friendly Distro, Silverblue/Kinoite especially with ublue and BlendOS are great too.
@pascalt3572 I specifically want my hyprland. I'm quite happy with my current distro, but I'd like the safety of immutability.
I hope immutable distros aren't the future. Sounds and looks like they're going backwards to how Windows works.
Tried Fedora Kinoite a few weeks ago. The first flatpak program I installed wouldn't run because of missing dependencies in the OS. The FIRST! 😂 Installed regular fedora workstation and decided to postpone immutable experiments for a while...
Immutable distros are too sterile for learners. If you can't mess it up then you can't understand it. I suppose this is a great thing for users that don't care how it works, as long as it works.
There's a reason why Chromebooks are doing pretty well in schools: system updates happening in the background without user interaction and without having to wait for the system to apply updates on shutdown or boot is perfect for people who are not computer savvy.
Immutable distros are interesting for such users at least for the more seamless system updates.
The personal Chromebook I had (ie my own and not administered by anyone else) would only update on a reboot. I can't say I found it a hassle but if you count Chrome OS and Android as Linux then immutable Linux OSs are already in the ascendancy as they seem to work in the same basic way as the immutables.
Back to the future!
I’m actually using a semi-immutable OS right now. There’s a command to remove the immutableness and the home doesn’t get wiped; updating wipes changes, but it’s convenient for a gaming-focused “just works” PC.
Oh no... the title typo....
Edit: I feel like your segues are getting better, I find myself smiling at them a lot more often recently. Good job!
And are they future?
I think he meant And Are They _The_ Future?
I do not believe I would try this immutable stuff any-time soon...
I honestly think immutable OSes are better for new users and most intermediate users.
The added stability, the ease of using flatpak and flathub as your single packaging system, not being allowed to screw up your system. All of these benefit newer users.
I do think the concept of immutability goes against the idea of a free and open system. But it seems like a better way of doing things for a lot of people.
This is why I main Nix
I think immutable distros make more sense for new computer users than anyone else on the desktop. Considering that they're essentially bulletproof, it's harder to break them than a traditional (Mac/Windows/Linux) system and many of them update automatically. It makes for a lot less headaches when you just want to give grandma a system that works.
+1 for NixOS.
Once you get familiar with it and set it up, everything will just work while you don’t have to deal with down configuration conflict especially Docker and LXC.
I think that this will be great for workplaces or even libraries in my area, but I can’t see myself needing this on my laptop
My main issue with using flatpak containers is I haven't been able to make them scale to the correct DPI of my screen.
Immutable distros are convenient not for pro users, but for vendors of appliances like Steam Deck. Each state of the system being deterministic and predictable means less bugs in the bugtracker, less angry users, less complaints, less bad reviews. If you are able to maintain your system by yourself - you don't need immutability.
Back in the day I worked for a small mom and pop PC repair place that sold some desktops with live cd OS’s only, the few people that bought them loved it because they stopped getting viruses and destroying their OS.
NixOS FTW
The new SystemD soft reboot will likely make them a bit easier.
If people keep using their computers as browser appliances, immutable systems make way more sense.
I use NixOS, but I actually use a tmpfs as rootfs, to guarantee that there are no changes to the filesystem which aren't specified in the config. On boot, it then bind mounts and symlinks paths which should be persisted, as well as some paths which can't be in the nix store, into place.
BTW even my home directory is on the tmpfs. I just persist the XDG directories (Documents, Downloads, etc.) + some more, and the rest gets thrown away at reboot. Helps keep the number of dotfiles low.
I’m so relieved you don’t expect them to be the future for general desktop Linux.
You can also use the nix package manager as a universal package manager for installing things like vim, shells, and other things.
Haiku is kinda-immutable too, but has an interesting scheme. The base system is distributed in the same .hpkg packages as regular software, and .hpkgs never unpack, but mount on boot kinda like Snaps but without cluttering mount list.
To install a package, you don't even really need to use a package manager, you can just copy the package into /system/packages/
You can also install a package per-user, by copying it into ~/config/packages/, but this has no use as of right now, since the OS is single-user in R1
I think the appeal of immutable distros is for businesses and government. It makes computers a whole lot more secure and predictable. Which is actually the selling point of ChromeOS, which Google is pushing towards enterprises lately.
The beauty of other distros doing this means that enterprises and governments can roll their own with an extra layer.
I don't think these things will replace conventional distros for users who want to get into the entrails of their systems, but I think they might be good for people who want a reliable computer for doing their work and living their life with (I'm one of those). I've had a brief play with two immutables: Kinoite, because it was the only way I could do an install of Plasma v. 6.0 to try it out (I always seem to have problems with KDE/Plasma), and Endless OS. Both seem nice calm systems, and Endless, though still with a big education focus, now has a default interface designed for adults. I have a friend who's bright but definitely not tech oriented, and I'm beginning to think that Endless might be rather good for her. As I understand it, updating is like updating the OS on your phone, and lots of people are happy enough with that. And Flatpak works fine for non-technical software. These could be just the thing if there really is a surge of refugees from Microsoft.
Combining applications makes programs more standardized and easier to fix because they have been containerized.
IMO that's the future. Unified base, robust update and integrated backup. This won't be attractive to people who build from scratch, but for 99% of people, it will be good enough. Immutable distros are not as limited as people imagine.
For me it's not. I hate flatpaks and snaps.
Regular distributions are stable and secure enough.
Immutable distros are a huge bloat, and they have usually worse performance, especially on lower end PCs.
@matyasmarkkovacs8336 That's not entirely true. For example snap desktop represents significantly less overhead. At some point performance hit will be negligible. Traditional package managers aren't very stable, one dependency issue and you can nuke your entire desktop. Linux desktop needs something more stable and be able to be up-to-date at the same time.
@dand337 Traditional package managers are very stable if you use a stable distribution. Sure, things can break on Arch, because it's bleeding edge, but on a Debian-based distro like Linux Mint it is extremely rare. I've never experienced a dependency issue so serious that it could nuke my whole system.
@matyasmarkkovacs8336 Look up LTT who removed Pop_OS desktop when trying to install steam.
@matyasmarkkovacs8336 Unless you're Linus of Linus Tech Tips where a single **sudo apt install steam** nuked his whole desktop 😄
Guess immutable distros could be a very good option for business usage :)
I wouldn't use an immutable distribution. All it does is add complexity. I published something in the past year about how complex systems are bad and I stand by it. Mint doesn't have a box to reverse touchpad scroll direction which sounds completely irrelevant, but the point is programmers are making things "cool" but more difficult and problematic despite fundamental functions not being configurable at all without complex text file editing.
I've installed Silverblue simply because I need something that I can always count on working for my school laptop. Too many times have I created bigger issues trying to solve little ones.
I can't patch the ACPI tables to make my speakers work. If that was a non issue, then I'd use Nix.
I haven't used any of these yet but I think they are the future. Maybe they aren't ready yet but I think they eventually will.
It's a different way of thinking how you set up a system. It also allows you or someone you trust to deploy systems that are tested and setup otb for the end user. The only issue I had with immutables is Mullvad VPN client needing access to low level files even using OpenVPN but that's on me. I love them and the containerized workflows are excellent for dev work.
Informative!
Thank you for the explanation!
I had installed Silverblue on my second laptop, it worked fine for the most part however there were things I haven't been able to do till this date like use CUDA with PyTorch inside toolbox.