poki

joined 4 months ago
[–] [email protected] 2 points 4 months ago (2 children)

Consider deleting this one if you will ;) .

[–] [email protected] 2 points 4 months ago

I think you're right. Thank you!

[–] [email protected] 14 points 4 months ago* (last edited 4 months ago)

Btrfs snapshots + Snapper have been (somewhat) pioneered by openSUSE Tumbleweed. Yet, they see value in developing openSUSE Aeon (i.e. their attempt at an 'immutable' distro); otherwise they wouldn't be putting resources into it.

Hence, Btrfs snapshots is (at best) only able to fulfil some aspects we've come to expect from 'immutable' distros. But there's more to it than that.

One of the most simple (and, yet, perhaps most defining) feature that 'immutable' distros come with is atomic updates; i.e. updates either occur or not, there's no in-between messed up state caused by energy outage or whatsoever.

There's a lot more to it than that. To mention a few more:

  • reproducibility
  • declariative system management
  • (some) prevention of cruft accumulation, bit rot and configuration drift
  • better security related to read-only part of OS
  • a lot less undefined/hidden/unknown state

Not all 'immutable' distros possess these qualities. Nor are they aspired by all of them. Hence, lumping them up together is actually a blatant oversight that's been committed way too frequently.

Regardless, if you're interested, consider trying out Fedora Atomic^[1]^, NixOS or openSUSE Aeon for yourself and see what it's all about.


  1. Either through Fedora's own images or the ones provided by uBlue.
[–] [email protected] 4 points 4 months ago* (last edited 4 months ago) (3 children)

OP, it seems as if the fear mongering and misinformation may have reached you through your cautious disposition.

I've gone through every single comment found below your post and at times I've been dumbfounded and/or astonished by the ludicrous claims that are spouted.

FFS, someone even expressed a problem found on imperative systems... While Fedora Atomic can be made (relatively) declarative (i.e. the exact opposite of imperative) for over a year now.

I will leave you with two videos in which the recent conference talks by the very same people that work on Fedora Atomic can be found. Consider watching these if you're interested to know what they're actually currently working on. If you pay attention, you will even notice how they mention common misconceptions that have also been brought up here...

First watch this one. Then, watch this.

The only fair criticism that I've found is the required investment and effort to adjust due to the associated paradigm shift and learning curve. However, this is peanuts compared to Guix System or NixOS.

[–] [email protected] 88 points 4 months ago (1 children)

Even if that's the case, it's telling of Linux' maturity.

[–] [email protected] 1 points 4 months ago* (last edited 4 months ago) (15 children)

is lead by a single person

Ultimately, (some) decisions are made by a single person. However, the list of maintainers suggests that contributions are welcome.

~~> even though there is no evidence that Chromium is not even less secure)~~

~~The double negation makes it hard to understand; but if I would give it a try, then I would get the following:~~

~~"even though there is evidence that Chromium is even less secure)"~~

~~If the above represents your views, could you provide said evidence?~~

even though there is no evidence that Chromium is not even less secure

What's your take on Madaidan's (i.e. security researcher on projects like Kicksecure and Whonix) article on the matter? I'm aware that it's a bit outdated. However, would you be able to confidently claim that nothing found within is relevant today?

[–] [email protected] 2 points 4 months ago

Thank you, once again, for the reply!

I just know that it is even “hard” to replicate the configuration of snapper on a system like Void Linux.

Yeah lol 😅. It's definitely a blessing when it's setup by default. For example, while Fedora Atomic does come with a built-in rollback mechanism through rpm-ostree, Fedora does actually not. Hence, Fedora users are often interested to set it up themselves. And then, they find this gargantuan guide 😂.

But that might also stem from my lack of knowledge. At least the guides I found didn’t provide the same result.

To be honest, I wouldn't be surprised if openSUSE Tumbleweed's implementation is simply better. At least, it would make sense if that were the case. So, I will give you that 😉.

but I think it has the disadvantage of not having such an amazing documentation as other distros.

Fair. Fedora's documentation isn't that great either 😅. Though, in that regard, I'd argue only Arch and Gentoo have excellent documentation. Granted, I suppose that's a prerequisite if the distro claims to be unopinionated; which both of them do while Fedora and openSUSE don't.

If you stumble upon something and are looking for a fix online, you won’t find as much resources for it as there are for debian based distros for example.

I agree. But, for Debian (and Ubuntu), I feel their documentation isn't necessarily better. Instead, their user base is simply more substantial. Hence, there's a pretty good chance that someone has experienced the same issues before you did. And thus, it's easier to find resources on the internet to help with troubleshooting.

All in all, I have to thank you for this amazing exchange.

I feel the same. Thank you! And I would also like to thank you for being patient with me 😅. I have got the tendency to write very long answers and not everyone appreciates those 😅. I even noticed how you weren't particularly appreciative in this interaction. So, to be honest, I was very happy when you messaged me back earlier today. I really appreciate you for that!

I think this is one of the most friendly and informative exchanges I had on lemmy so far. :)

Thank you for being you! I am really grateful for these wholesome and sweet compliments!

Sometimes, I question if it's worth pursuing these conversations. But, thankfully, exchanges like these make it worthwhile. My fate in humanity has just been rekindled. From the bottom of my heart, thank you 😊!

[–] [email protected] 2 points 4 months ago

But to your earlier one, I can get the VPN client working outside of a container. There’s even an RPM file from the vendor, so installing it is just as easy as installing any other package.

Aight. You know what you ought to do then 😉.

I appreciate the input!

It has been my pleasure!

[–] [email protected] 1 points 4 months ago* (last edited 4 months ago)

We're appreciative of your considerations and reservations. However, some of your views seem unnuanced at best or plain biased at worst.

The problem is all the apps and things you may wish to do with your OS.

I'm aware that the rest of the comment goes over this. But, I hope the mention of "all" here is merely an oversight.

Flatpak is the preferred method of installing apps as it doesn't interfere with the OS, but that is a compromise that means more overhead for running apps including memory and disk space

While that's technically true, a (relatively) modern device wouldn't even care. I don't recall OP mention their hardware specifications; but if they're perfectly capable of running VMs, then I don't see why they would be bothered by this (almost) unnoticeable amount of overhead.

its a work in progress

Sure..., but we're not talking about alpha, beta or even RC software. Like, I'm not sure if you're aware, but you make it sound as if it's very new and/or immature. Fedora Atomic has been in the works for over 10 years. It first released their Fedora Atomic Host (currently known as Fedora CoreOS) in 2014 and later released Fedora Atomic Workstation (currently known as Fedora Silverblue) in 2018. Heck, Fedora has already put so much trust in their Atomic branch that they intend for 2028 that immutable variants are the majority of Fedora Linux in use.

By contrast, what is it that you base this statement of? That it receives very active development that most other distros would be jealous of? That it rapidly implements all kinds of new features that you're having difficulty keeping track of?

and with significant compromises at the moment.

This is a big claim. But I haven't seen enough in your comment to substantiate this. Your two best claims are:

  • Flatpak is the preferred method of installing apps as it doesn't interfere with the OS, but that is a compromise that means more overhead for running apps including memory and disk space, and less integration with the host OS than traditional apps.

Which is a problem of Flatpak on all platforms. The very same Flatpak that was recommended by people associated with Steam/Valve for Ubuntu. Furthermore, if OP creates their own image, then this isn't even an issue; they can practically bake whatever they want into their image. There are also multiple tools to get this going. I achieved it in a weekend (as a noob) last year, so it ain't hard. Finally, 'over-reliance' on Flatpak is not even a thing on Guix System and NixOS.

  • You can overlay native apps but the more you overlay onto the immutable os, the more complex upgrading gets and the risks of breaking stuff.

This is not an issue with your own image. If the image itself is busted, then it doesn't come out of the pipeline. Hence, the busted image would not have been delivered to your device in the first place. And, again, layering isn't a thing on Guix System and NixOS. Hence, this problem doesn't exist for them.

Your VPN may just be the first of many programmes you find you need to overlay.

Do you (for some reason) imply that layering is necessarily a bad thing?

If your needs a re very simple then maybe it'll be easy, but if you're using lots of software and tools (particularly if its not available Flatpak) or custom OS config you may find atomic desktops are not yet quite ready for you.

I have yet to receive substantive evidence from you to support this view of yours. I hope you'll deliver...

It could be frustrating and off putting if you try linux immutable, find loads of problems and attribute that to linux when its actually the immutable OS that's the cause.

I could change the word "immutable" in the above sentence to "traditional" and it would have been an equally nonsensical statement.

[–] [email protected] 2 points 4 months ago (2 children)

But I’m fully aware that my frustrations are atomic problems

Are these frustrations solved by layering with rpm-ostree? If so, just go with it. I've always layered over a dozen or so packages and it has worked out fine; it's defaulted to automatic upgrades in the background, so you don't feel much of it anyways.

I just recently learned that openSUSE users also have a lot of stability due to btrfs snapshots, so maybe that’s really the feature I’m looking for. I don’t know much about it, honestly.

I love openSUSE and what they do with Btrfs snapshots and Snapper.

However, in terms of 'robustness' and 'stability', I don't think anything currently out there can hold up to Fedora Atomic, Guix System and NixOS. This is just by design; the leap from traditional to atomic, then reproducible and finally declarative ensures that issues related to hidden/unknown state, accumulation of cruft, bitrot, configuration drift are left behind in the past. If Btrfs snapshots + Snapper would have been sufficient, then openSUSE themselves would never have desired the creation of openSUSE MicroOS (i.e. their attempt at an 'immutable' distro) in the first place.

[–] [email protected] 2 points 4 months ago

That's the most wholesome reply I've had in some time. Thank you for making my day! I appreciate it 😊!

 

(More) Specifics:

  • Undoing the protection should include filling in a password.
  • The password should be different from the one used with sudo or any other passwords that are used for acquiring elevated privileges.

All (possible) solutions and suggestions are welcome! Thanks in advance!

Edit: Perhaps additional specifications:

  • With 'displace‘, I mean anything involving that resembles the result of mv, cp (move, cut, copy) or whatsoever. The files should remain in their previously assigned locations/places and should not be able to 'pop up' anywhere.
  • I require for the files to be unreadable.
  • I don't care if it's modifiable or not.
  • I don't require this for my whole system! Only for a specific set of files.
view more: next ›