I have been working on a similar idea (well ok the <i>concept</i> of an immutable desktop - the tech is completely different) - <a href="https://github.com/mikadosoftware/workstation/tree/master/bin" rel="nofollow">https://github.com/mikadosoftware/workstation/tree/master/bi...</a><p>The article is completely right about this being the future of user OS's - even my half-broke me-ware above has changed how I think about using my laptop - just knowing exactly what is under me is exactly what I have set is ... reassuring.<p>Being able to know I can try things out and a reboot gets me back to my last known good point is ... well a bit like a video game with savepoints. And there becomes an utter focus on data and non-data. And probably the best advantage is that you ratchet up - every security improvement I think of becomes built in and makes my platform one tiny bit higher<p>SilverBlue is well worth watching - I say they really are onto something
Sounds similar to what Apple’s doing with Catalina. On <a href="https://www.apple.com/macos/catalina-preview/" rel="nofollow">https://www.apple.com/macos/catalina-preview/</a> they say:<p><i>Dedicated system volume.</i><p>macOS Catalina runs in its own read-only volume, so it’s separate from all other data on your Mac, and nothing can accidentally overwrite your system files. And Gatekeeper ensures that new apps you install have been checked for known security issues before you run them, so you’re always using good software.
I'd like to share a similar project/tool that I developed.<p>Darch. <a href="https://godarch.com/" rel="nofollow">https://godarch.com/</a><p>I essentially use Dockerfiles to build my operating systems. I push them to Docker Hub so that each of my machines has access to them. I can boot them bare-metal, read-only, with a tmpfs overlay. I can apt-get install/remove anything, completely break my system, then reboot and everything is fixed!<p>Here are my recipes: <a href="https://github.com/pauldotknopf/darch-recipes" rel="nofollow">https://github.com/pauldotknopf/darch-recipes</a><p>You can easily give it a test run with a pre-made VM: <a href="https://pknopf.com/post/2018-11-09-give-ubuntu-darch-a-quick-ride-in-a-virtual-machine/" rel="nofollow">https://pknopf.com/post/2018-11-09-give-ubuntu-darch-a-quick...</a><p>I'd love to hear some feedback. I've been using it personally for the past few years. I wouldn't do it any other way.
Basically: the OS is itself a layered read-only "container", on top of which flatpak is the recommended way to install applications.<p>I wish someone built an OS based on k8s as a service and application orchestrator. We wouldn't have to reinvent all the config files, the command line tools and we could reuse knowledge between cluster and single-machine administration. Plus k8s already voluntarily abstracted the underlying technologies, so it should be simple to reuse it. We would use the same high-availability concepts as in the cloud, such as stateless service, horizontal scaling of services, etc. We could also reuse Istio and all the standards it is built on to introspect the system. In other words, a microservice based OS.
It's worth a moment to give credit to the long defunct Stateless Linux project:<p><a href="https://fedoraproject.org/wiki/StatelessLinux" rel="nofollow">https://fedoraproject.org/wiki/StatelessLinux</a><p>This was imagined a decade ago, but the technology and the market weren't ready then. I am really excited to see it as an actual product.
This seems poorly motivated.<p>> What are the benefits of an immutable OS?<p>> One of the main benefits is security. The base operating system is mounted as read-only, and thus cannot be modified by malicious software. The only way to alter the system is through the rpm-ostree utility.<p>How is this different from the current experience? "Operating system" files already aren't writable by the user. The only way to alter the system is through the "sudo" utility.<p>> Another benefit is robustness. It’s nearly impossible for a regular user to get the OS to the state when it doesn’t boot or doesn’t work properly after accidentally or unintentionally removing some system library. Try to think about these kind of experiences from your past, and imagine how Silverblue could help you there.<p>How often does this happen? I've worked with complete Linux noobies who were "forced" to use Linux in a VM daily and I've never seen this happen.
> The operating system is delivered in images that are created by utilizing the rpm-ostree project. The main benefits of the system are speed, security, atomic updates and immutability.<p>The article never mentions speed (or performance) again. Is the OS somehow expected to be faster because it is mounted read-only?
This is great, especially for atomic update and rollback of the OS. I remember a particularly painful instance of OS upgrade. I did the yum update command in the login shell and forgot to do it in a screen session. The login shell got killed after a period of inactivity, in the middle of the OS update. Afterward the OS was beyond repair; couldn't roll back or move forward. Had to reinstall.<p>I wished something like silverblue existed back then.
I'm a fedora user and I just gave silverblue a try. The idea itself is great but in its current state it's basically unusable for me.<p>A lot of applications I use are command line based and are simply not available via flatpak. You have to install these via rpm-ostree but that requires a reboot every time you install anything.<p>Moreover many GUI applications that are available in the fedora repos are simply not packaged as flatpaks and either require rpm-ostree and a subsequent reboot or adding a third party repository like flathub. I really don't want to give up fedora's mostly excellent repos to rely on some badly packaged, possibly malicious container.<p>After not being able to find my preferred media player mpv, I settled for VLC from flathub. It installed just fine but video playback was completely broken, VLC installed via rpm-ostree worked.<p>I also don't understand how you are supposed to install patent encumbered codecs for firefox. Usually this is solved by adding the rpmfusion repos but with firefox being installed via a flatpak from the fedora repos, this obviously does not work.<p>I'll probably check this out again in ~2 years and see if it's any better.
As a Linux user from the 90s, I welcome this change. RPM Hell and its Debian equivalent are real and painful things. When disk space was a premium, system dynamic linking made sense. Today, it absolutely does not. rpm-ostree is a bit ugly. Snap has the right idea of doing both system services and apps. Fedora should do the same.
>“Team Silverblue” or “Silverblue” in short doesn’t have any hidden meaning.<p>Don't "Bill Revues", "Evil Rubles", "Rebels I Luv", "Urb Level I", "I'll Sue Verb", "I Blur Elves", "Be Evil Slur", and "I Serve Bull" qualify as hidden meanings?<p>(Not to mention "I Beaver's Mullet", "Brutalism Levee", "Album Televiser", "Ever Liable Smut", "Evil Slum Beater", "Melt Bra, Sue Evil", "Be Real Evil Smut", "Evilest Bar Mule", "Leave Stumblier", or "Blames True Evil"...)
Also look at openSUSE MicroOS, which provides the same core idea (transactional root fs), but with some key advantages like not using rpm-ostree and instead using plain RPMs.
How is that fixing the issue of incompatible configuration changes? This is typically the reason why I see boot or start problems, i.e. I have made some changes to some configuration and the format, or some option changed with a package upgrade and I suddenly can't boot into the gui anymore. In contrast I can't remember when I updated a system and something stopped working because 2 libraries were incompatible. To me this is really solving a non-issue.
How do they do things like security updates (e.g. OpenSSL)?<p>I mean, if the system is immutable, do I have to download and install a completely new image? How often do such updates arrive?<p>And what does immutable even mean in practice? Do I have to start from a CD image or some special boot mode every time I want to install system updates?
> “Team Silverblue” or “Silverblue” in short doesn’t have any hidden meaning. It was chosen after roughly two months when the project, previously known as Atomic Workstation was rebranded. There were over 150 words or word combinations reviewed in the process. In the end Silverblue was chosen because it had an available domain as well as the social network accounts.<p>It personally made me think of "Silverlight".
Oooh, this is poor timing for me.<p>I'm about to get a new laptop for work, I usually use Fedora. Should I gamble on using SilverBlue? I'll have to think long about this one.
Concept is interesting, but read-only rootfs is stupid, really. It's kind of lock-in.<p>Of course, ro - great for security, but if something happens with any critical system component like bootloader - I prefer to be able to patch/fix it myself and not wait days/weeks for distmakers.<p>Clear Linux uses a similar concept, but they allow write access and handle whole fs tree and bundle depends on server side.
Flatpaking all the things? I'm not sure why there is this push for Linux to have the "download and double click" install experience of windows / Mac. Convenient to install sure, but as a user it's a nightmare to maintain/update.<p>All people on Linux really need is an xdg-open standard for opening a package manager / running an install command.
Oh no. The benefit of Linux is to be able to build your own Setup (Server, Desktop). Now with this "Solution" the user has more and more a closed System where every change creates a lot of unnecessary steps to install another software.<p>I agree that on servers the container runtime makes a lot of sense but not on Desktops where changes happen every day.
It is the reason I'm slowly moving away from Linux. I've learned Linux, for years I've invested time and money learning everything I could. And it was fun. I even built LFS many times. I know how NOT to break it and how to fix it. And as we have seen with GNOME3, systemd, Wayland etc. RH will deliver and every major distribution will eventually adopt immutable directories and statically linked applications. So, my conclusion after all these years learning and having fun with Linux is that it was a waste of time. I understand the propaganda: it's good for everyone (who doesn't like dealing with Linux, the OS). And I understand the real reason: distribution developers don't like the tedious work that is compiling, linking and packaging the same software over and over again. But the feeling that I wasted my time. If it's to use an immutable, bloated, reboot-all-the-time OS, I just use any other OS.<p>As I posted here: <a href="https://news.ycombinator.com/item?id=20425615" rel="nofollow">https://news.ycombinator.com/item?id=20425615</a>