I recently took up Bazzite from mint and I love it! After using it for a few days I found out it was an immutable distro, after looking into what that is I thought it was a great idea. I love the idea of getting a fresh image for every update, I think for businesses/ less tech savvy people it adds another layer of protection from self harm because you can't mess with the root without extra steps.
For anyone who isn't familiar with immutable distros I attached a picture of mutable vs immutable, I don't want to describe it because I am still learning.
My question is: what does the community think of it?
Do the downsides outweigh the benefits or vice versa?
Could this help Linux reach more mainstream audiences?
Any other input would be appreciated!
Since the idea is that the "root partition" is immutable, serious question:
How do you fix a hardware config issue or a distro packaging / provision issue in an immutable distro?
Several times in my Linux history I've found that, for example, I need to remove package-provided files from the ALSA files in
/usr/share/alsain order for the setup to work with my particular chipset (which has a hardware bug). Other times, I've found that even if I set up a custom.XComposefile in my $HOME, some applications insist on reading the Compose files in/usr/share/X11/localeinstead, which means I need to be able to edit or remove those files. In order to add custom themes, I need to be able to add them to/usr/share/{icons,themes}, since replicating those themes for each $HOME in the system is a notorious waste of space and not all applications seem to respect/usr/local/share. Etc.Unless I'm mistaken on how immutable systems work, I'm not sure immutable systems are really useful to someone who actually wants to or needs to power user Linux, or customize past the "branding locking" that environments like Gnome have been aiming for for like a decade.
From an advertising perspective, it's important to think about who you're targeting. Who are your likely customers? Certainly there are some based on the strengths that you raised.
However, some people are definitely not a good target audience, and some people is actually a very large group of people. There are a lot of current and potential users who essentially want the standard major applications to work, and they're not going to touch the root partition, and they want things to be very simple. For people like that, Debian or Ubuntu or Fedora already do what they want. And these major operating systems have been around for so long that people will naturally be more confident using them, because they were their friends have experience, or because they think the organization has more stability because of its experience.
Of course a lot of things depend on how you define words, but to me the above paragraph describes the mainstream audience, and I don't think you're going to have much luck reaching them, because I don't think the thing you're trying to sell gives them extra value. In other words, it's not solving a problem for them, so why should they care.
Immutable, doesn't mean extreme secure. It's a false sense of security.
It could be more secure.
But during a runtime, it is possible to overwrite operational memory, mask some syscalls, etc.That's my 3 cents.
Fully agreed. On almost any atomic distro, /home/user is writeable like usual, so any attacker is able to persist itself by editing
~/.bashrcand putting a binary somewhere.it doesn't allow changes to stuff that needs root access to change. If you have root access you can do anything, including switching images. It is not more secure. It's not less either
Then you have NixOS, which is declarative, and fairly immutable.
You don't have to reboot to make changes, but you can't just run unlinked binaries either.
You can't do things like edit your hosts table or modify the FS for cron jobs. The application store is unwritable, but you can sync new apps into it .
You have to make changes to the config file and run a rebuild as root.
Immutable distros are great for applications where you want uniformity for users and protections against users who are a little too curious for their own good.
SteamOS is a perfect use case. You don't want users easily running scripts on their Steam Decks to install god knows what and potentially wreck their systems, then come to Valve looking for a fix.
Immutable distros solve that issue. Patches and updates for the OS roll out onto effectively identical systems, and if something does break, the update will fail instead of the system. So users will still have a fully functional Steam Deck.
If you're not very technical, or you aren't a power user and packaged apps like Flatpaks are available for all your software, then go for it. I prefer to tinker under the hood with my computers, but I also understand and except the risk that creates.
Immutable distros are a valuable part of a larger, vibrant Linux ecosystem IMO.
I personally vastly prefer mutable distros for my own system, but I understand the appeal for those who like them. As long as mutable distros remain an option I don't mind immutable distros.
It's definitely great for the mainstream. Think of Linus Sebastian who has somehow broken every OS except for SteamOS.
It's not great for me who uses Arch Linux btw with the expectation that if the system doesn't break on its own, then I will break it myself.
And anybody who thinks that Linus doesn't look for those ways to break Linux is deluding themselves. He's a fucking asshole.
Honestly, I would say it isn't great for anyone who has to do something low level even once. Now that there are open source nvidia kernel drivers that has solved a pretty big issue for most people who would be interested in immutable distros, but there are still many other drivers and issues that your regular user may face.
One example off the top of my head is that flatpaks specifically can't ship systemd services if I recall correctly. A lot of wayland apps for thigns like input have to use daemons because of wayland's security model. Lact for AMD and now Nvidia GPU control, ydotool, or even gui versions of such tools for remapping input.
Snaps require custom kernel modules that aren't used outside of ubuntu, so I hesitate to trust them regardless of any of the other issues people have with them.
This basically leaves appimages which aren't available for everything and don't always seem to work at least not as reliably as flatpak. I even tried to package the rstudio forensic software as an appimage myself, so I could have an easy way to use that proprietary piece of software, but I just couldn't get it to work. I couldn't get it to work with distrobox either using the official methods they provide to install it on linux. I did get it working in a chroot for some reason, but it had graphical issues. In the end, I made a PKGBUILD for arch and got it working that way.
The point of all this is that a lot of times people say immutable is great for average, non tech savvy people, but I believe that literally everybody ends up needing to do low level stuff at least once or twice every so often. Which simply isn't a great experience since you end up having to do layering which throws these theoretical average users right back into the normal complexity of a mutable system, but with even more uncertainty in my opinion.
Now then with all of these caveats. I do still agree that immutable distros are great for the aforementioned group of people and I know this statement contradicts a lot of what I have described above. The reason why I think they are great for the less tech savvy people however isn't because of any actual technical merit of the systems design though. Immutable distros are great for people like Linus Sebastion because it limits what they can do. You simply have to accept what is there the same way that you have to on proprietary systems like Mac and Windows. Those systems force you to do things a certain way unlike Linux and that is what people like Linus need because they have no business mucking around with the system to begin with.
Lastly, all of this only works because devices like the Steam Deck are being run on specific hardware thus guaranteeing there compatibility. This is what we ultimately need. There would be much less need for low level operations to get drivers or change settings to make wifi or audio work right on a billion different devices if these people were buying linux compatible hardware in the first place.
Immutable ≠ atomic
Bazzite is atomic (not immutable), same with Silverblue and other Fedora variants (they're all atomic, even on their main page it says atomic). It's kinda misleading ngl
Isn't that just their nomenclature for immutable?
What's the difference between an atomic distro and an immutable one?
NixOS is kinda the best of both worlds, because it does everything in a way that is compatible with an immutable fs, but it doesn’t force you into abiding by immutability yourself.
You can always opt into immutability by using Impermanence, but I’ve never seen any reason to.
Edit: That said, the syntax has a steep learning curve and there are tons of annoying edge cases that spawn out of the measures it takes to properly isolate things. It can be a lot to micromanage, so if you’d rather just use your system more than tinker with it, it may not be a good fit.
I suppose you’re right. It’s just another tool for helping you abide by immutable practices without forcing immutability as an unbreakable rule.
Bazzite is great. I was using Nobara before it, and Solus before that and Bazzite has been the best experience I ever had on Linux, I don't plan on changing distros as long as it remains a thing.
I've used Bazzite for the last year or so after distrohopping for a while and landing on Arch. I learned how 'atomic' distros, as the Fedora folks call them, work. It sounded like my phone, where apps are relatively sandboxed and automatically update. I said 'this is how computers should work' and stuck to it.
I wouldn't use standard Silverblue/Kinoite or standard Fedora. The uBlue images include so many drivers and fixes on the image that make the primary distros look incompetently made if you're not a power user. They wouldn't like me saying that because their work is only possible because of what Fedora does. But by that I mean, you will eventually run into something that doesn't work and it always comes down to some licensing or scope issue that the developers simply don't care about.
Having to do literally anything extra to get your NVIDIA GPU drivers frankly isn't acceptable when that's not the case for AMD cards. Let alone having to modify grub in the worst case if your distro doesn't boot properly. If I have a part or plug something in that isn't some hyper specific piece of technology, it should just work, because it isn't 1999 where you need driver CDs anymore.
The main tradeoff is that for users who aren't very technical, installing anything outside of flatpaks probably won't make any sense. They have guides, and stuff like brew and distrobox isn't that difficult when you understand it. But having 4 different ways to install stuff (flatpak, brew, distrobox, layering) sounds ridiculous and confusing on its face.
I have a practically 0 maintenance system with Bazzite and that's the way I like it even though I'm perfectly capable of running anything else and modifying it to my liking. The average user isn't going to care about anything they're missing by not being able to modify certain files, or if they do, there's probably a better way to do whatever it is they're trying to do that doesn't involve running random bash scripts.
I would recommend Aurora and Bluefin to all my Windows/Mac friends who aren't gamers, and Bazzite or Bazzite-gnome to everyone who is. I would never recommend anything else at this point, not even something like Mint, because I consider the uBlue images to be just that good and the tradeoffs of the weird program installation to be more than worth it. Other immutable/atomic distros are too immature (like Arkane Linux) or work fundamentally differently to Fedora Atomic and rely more on things like snapshots (like OpenSUSE Aeon/Kalpa) so I'm not really comfortable recommending them either.
is nixos considered immutable or mutable? kind of has characteristics of both.
I'd argue it's closer to a mutable distro than an immutable one.
Nixos tends to lean on the term reproducible instead of immutable, because you can have settings (e.g files in /etc & ~/.config) changed outside of nix's purview, it just won't be reproducible and may be overwritten by nix.
You can build an 'immutable' environment on nix, but rather than storing changes as transactions like rpm-ostree, it'll modify path in /nix/store and symlink it. Sure, you can store the internal representation of those changes in a git repo, but that is not the same thing as the changes themselves; if the nixpkgs implementation of a config option changes, the translation on your machine does too.
I think they're great. I've got two Linux newbies running some Ublue variant with no issues
I think it's good if you have a ton of storage and want to set it and forget it. For me, immutable depresses me. I came to Linux for the tinkering and the ability to do what I please to my system, not to be restricted. That's just me, though. For handhelds/strictly gaming machine (a Steam machine for example)? I think immutable is the perfect fit for it.
