cross-posted from: https://infosec.pub/post/15781466
Am I out of touch?
No, it’s the forward-thinking generation of software engineers that want elegant, reliable, declarative systems that are wrong.
But an immutable distro is not necessarily declarative, and the other way around.
Why lump them together?
I’m guessing this refers to the not entirely separate groups of Nix(OS), Haskell, XMonad fans
Don’t forget us Bluefin/Aurora people either
all 12 of us, THERE IS A DOZEN OF US! A DOZEN!
an immutable distro is not necessarily declarative
It is necessarily so. You can’t configure an immutable distro by a sequence of mutations.
But yes, the other way around is quite possible.
You can’t configure an immutable distro by a sequence of mutations.
Isn’t that literally how ostree works?
NixOS isn’t immutable though. It runs on normal writable ext4 by default.
Immutable was adopted for Android because Google and the Android vendors wanted to lock down the platform, and because they always distribute their OS images and updates as binary blobs.
It offers no benefits to an open ecosystem like Linux, that you can’t already accomplish with existing security measures.
It offers some benefits to distro maintainers who are only willing/able to focus on the core system and delegate the rest of the software to distro-agnostic packages. That’s definitely an interesting niche and I look forward to it. But please note that whether the core is immutable is completely irrelevant in this scenario.
Generally speaking, if you want to use distro-agnostic packages you can do that regardless of whether the system is immutable or not.
And since we’re on the topic, if we’re borrowing things from Android I would love to have the application sandboxing and permissions. I think they’d be a much bigger benefit – to all distros, immutable or not.
And since we’re on the topic, if we’re borrowing things from Android I would love to have the application sandboxing and permissions. I think they’d be a much bigger benefit – to all distros, immutable or not.
Flatpaks and Wayland should fill out this part nicely.
This often means unofficial builds that aren’t from the developer that sometimes have sandbox specific issues the devs didn’t contemplate because they don’t actually do flatpaks. If someday the random bob who is neither the original developer nor some trusted individual connected to the distro is hacked they may push out a malware enabled update that pwns all the people who automatically update in short order. This doesn’t seem like a security increasing feature.
I don’t think anyone uses immutable distros for security, the main selling point I believe is that you can rollback when the system breaks due to a update, especially when it’s a rolling release
I can do that with Timeshift on any distro
Look, if you love declarative systems that’s cool. I’m genuinely happy for you that you have much better options now. That can only be good.
That being said, they only solve problems that I don’t have. I do not care even the tiniest amount about whether a system is declarative or not, and I’m definitely not going to go out of my way to seek them out. If you want to call that “out of touch” then so be it.
I just like them because my system feels “cleaner.” Always drove me nuts with Arch or Debian when you install something, let’s say it requires ~20 decencies, then you remove it later, run the respective dependency clean command, and it only removes lets say ~12 packages. Like where did those 8 dependencies go? Are they just stuck on my system forever? Atomic desktops don’t have this issue which I really appreciate.
The 8 dependencies must be an optional dependency for some other package you already have installed. That said, that kind of stuff is the main reason I want to try NixOS - any time I install something, configure something, etc. I’m risking forgetting about it and getting tripped up over it down the line, with no good way to check.
I want this but without learning a new functional language to do it.
ostree go brrrr
Aeon is the way
Imagine being so devoid of soul and spirit you turn your OS into kubernetes
Oh I definitely am out of touch, but I think I’ll live with that 😄
Eh, bring it all on. Part of what is great about FOSS is the vibrant ecosystem. I welcome new stuff, even if I don’t have much use for it.
I do think it makes a lot of sense for certain use cases. Like my Steam Deck, great use case for an immutable distro.
Another is school or work deployments where you just need a herd of identical, generic systems or thin clients that run the same small set of applications.
Hehe, but unix shell scripting can do so much…
I don’t need it, I never needed it, and thus I will not use it
If one day I need it I will use it
Capiche?
I just treat my systems like cattle not pets. Get out of line and I will kill ya and bring a fresh copy online
Is there any declarative OS that is not immutable?
I tried Fedora Silverblue once and it was all fun and games until I wanted to build a driver.
But I really like the concept of declarative systems.
What’s the best immutable OS?
NixOS
Immutable and Declarative OS design is simply an option. I think it’s a damn good one, but right now, it’s not for me. That could easily change in the near future.
The idea excites me. A potential hardened OS that user-friendly could be a great option for Business and Academic computing.
