If you're looking for a new operating system that takes security seriously, but doesn't cause major user headaches, Vanilla OS might be just the ticket:
I've used every flavor of Linux you can possibly imagine -- from the overly simple to the masterfully complex. I've seen just about every gimmick and trick you could throw at an operating system. Finally, there's a new take on Linux that is equal parts heightened security and user-friendly. If that sounds like the combination you've been looking for, read on, my friend.
The first official release of Vanilla OS was recently made available to the masses. I've tested this Linux distribution before and found it to be quite intriguing. So, when the developers announced the full release was ready, you can bet I was anxious to kick the tires.
[...] With the new release, the developers shifted away from Almost to ABRoot. [...] The developers explain it like this:
ABRoot achieves [atomicity] by transacting between 2 root file systems: A and B. Let's make an example. Let's say you want to install a new package. ABRoot will check which partition is the present root partition (i.e A), then it will mount an overlay on top of it and perform the transaction. If the transaction succeeds, the overlay will be merged with the future root partition (i.e B). On your next boot, the system will automatically switch to the new root partition (B). In case of failure, the overlay will be discarded and the system will boot normally, without any changes to either partition.
The article goes on to talk about Smart Updates and Sub Systems.
Related: RHEL and its Linux Relatives and Rivals: How to Choose
Related Stories
There's a whole family of Red Hat Enterprise Linux variants, each with its own users. So, what's the right one for you? It depends on your needs:
Lately, I've noticed a lot of confusion about Red Hat's Red Hat Enterprise Linux (RHEL) and related distros, such as AlmaLinux OS, Oracle Linux, and Rocky Linux. In addition, there are Red Hat's own RHEL variants, CentOS Stream and Fedora. Mea culpa. It is confusing. Let me help straighten things out.
[...] many people used a community RHEL distro called Community Enterprise Operating system (CentOS) instead of Oracle Linux. Founded by Gregory Kurtzer, this was the most successful of the early RHEL clones. Indeed, CentOS proved to be far more popular than RHEL in such critical markets as web servers.
[...] So, first, [Red Hat] adopted CentOS in 2014. CentOS continued on its free license way, while Red Hat hoped it could persuade CentOS users to become RHEL customers. It didn't work out.
So, in late 2020, Red Hat changed CentOS from being a stable RHEL clone to being a rolling Linux release distro, CentOS Stream. In addition, the plan was that while Red Hat would continue to support the older CentOS 7 release until at least June 30, 2024, the newer CentOS 8 version, instead of being supported until 2029, would run out of support at the end of 2021.
That went over like a lead balloon with the hundreds of thousands of CentOS users.
(Score: 1, Interesting) by Anonymous Coward on Friday January 13, @06:31AM
Because if you install stuff whether intentionally or via drive-by it runs as your account and so the malware authors would more likely target your account than root.
And /home/youruser and similar is where your unique data is.
So what if you sleep/hibernate/resume a lot and don't reboot?
Anyway what might be more useful to me would be something similar to the phone app permissions concept (but more desktop user oriented[1]) - where the app lists upfront what privileges it wants and then I say OK or click "details" and tweak the permissions/privileges and then the OS enforces it.
So in most cases the game/app/etc might never have actual full write access to /home - it's sandboxed. I mean there's no good reason why the games I run should have full access to all my documents.
The conventional AV approach is as difficult as solving the halting problem (or harder since you may not get the complete program and inputs upfront). Yes you can guess correctly in some cases and it has its uses.
This approach is like "working around" the halting problem by forcing the program to halt after a certain time whether it's programmed to or not.
[1] For example there could be distinctions in privileges like accessing all my documents/files vs only the files it creates. Similar for accessing the internet or not, or just the internet and not your LAN, or just your LAN and not the internet etc.
For bonus points allow enterprises/trusted parties to specify/audit and sign sandbox templates. This way "Ms. May in Accounting's" PC could go "This program is probably OK because it's been checked by a 3rd party that I've been configured to trust AND the sandbox requested is also certified/specified by that trusted 3rd party".
(Score: 5, Insightful) by RamiK on Friday January 13, @07:13AM (5 children)
It's the Ubuntu equivalent of Fedora CoreOS/Silverblue/Kinoite which are cheap knockoffs of NixOS.
For the uninitiated: The trade-offs for OS immutability are simply not worth it unless you go down to the package level like NixOS and Guix. Don't get me wrong though: Good Enough™️ will win and the Fedora and Ubuntu imitations would probably win since they take the easy way out by simply throwing huge chunks of the base system into a big Android-like read-only FS. However, we'll be lamenting the problems for decades to come over taking this shortcut.
compiling...
(Score: 0) by Anonymous Coward on Friday January 13, @07:37AM
Yeah, I can imagine people losing track of what changes will happen on reboot...
This could help for messed up device drivers, assuming you can easily rollback. Might also help for ransomware if you only ever do the apx route.
(Score: 2) by darkfeline on Friday January 13, @09:02PM (3 children)
It's not a shortcut; practicality matters.
There's always a desire to achieve the perfect ideal, but that simply doesn't work. Instead, you get stepwise evolution and you end up with someone imperfect close to the ideal. It's not possible to go straight to the ideal. Many people have tried and never achieved that pipe dream. Feel free to prove me wrong, we have all of evolution (history of life as we know it) and human history to reference.
Thus, there's no need to lament that we couldn't do something that's impossible. Perhaps we could lament the laws of physics instead.
By the way, Nix is not at all equivalent to immutable OSes. The main idea of immutable OSes is that the base OS is immutable and thus signable/verifiable. The primary features of Nix are orthogonal to that. One could consider Nix as a build system that could produce an immutable OS image, but which build system you use is basically irrelevant to the end user value of an immutable OS.
Join the SDF Public Access UNIX System today!
(Score: 2) by RamiK on Saturday January 14, @01:18AM (2 children)
How is practical to set a bunch of unrelated binaries and libraries as read-only just because you're too lazy to package them separately?
NixOS is works. I've been using it daily as a desktop and server os. What more is there left to prove?
Have you ever actually used NixOS instead of just install Nix on some other system? All the packages are in /nix/store under separate read-only dirs. The way the system is composed by nixos-rebuild switch is by symbolic linking and producing configurations like /etc based on the /etc/nixos/configuration.nix you wrote. You can write your own .nix packages for small apps or custom .nix configurations and spin qemu vm instances that replicate a while system. The NixOS installation media is produced just like so even the installer is immutable. You can even perform a system-wide git digest to narrow down tiny package changes when looking for bugs since the whole package management is done under git.
One thing worth exploring beyond NixOS in terms of immutability is addressing the non-conformance to the standard linux directory structure by replacing the dynamic linking with union mounts like how overlayfs works in openwrt. That will solve a LOT of development and packaging woes.
compiling...
(Score: 2) by darkfeline on Saturday January 14, @08:46AM (1 child)
> NixOS is works. I've been using it daily as a desktop and server os. What more is there left to prove?
No one uses it. Not literally of course, but its user base is a rounding error.
Why does no one use it? Because it has problems that render it an untenable or unpractical option.
Those problems may be social, documentation, third party support, etc. A lot of software is a pain to get working or haven't been packaged. Maybe they could theoretically be solved, the same way that theoretically all of the subatomic particles in your body could exist one foot to the side at this exact moment. But they are still problems. You might not consider them problems, but everyone else does consider them problems. You can reason and explain all you want, but the reality is that it has problems and it is not and will not be used, because of those problems.
Prove me wrong when NixOS's userbase exceeds one of Ubuntu, Mint, Fedora, Debian, or Arch.
Join the SDF Public Access UNIX System today!
(Score: 2) by RamiK on Saturday January 14, @07:46PM
Rounding error... Software is a pain to get working... Userbase exceeds... Everything you just said applies to Linux Desktop vs. Windows or Server Windows vs. Linux.
More importantly, it's all inconsistent with how nixpkgs is one of the largest if not the largest repo around thanks to having so many diverse contributors: https://repology.org/repositories/statistics/total [repology.org]
The stuff holding back NixOS is just how switching back and forth between Ubuntu, Debian, Fedora and Arch is easier. It's not to say there aren't technical and social issues with NixOS.... Guix wouldn't have happened if there weren't at least some problems with Nix as a language and the core packages being too rigid and hairy to work on for outsiders... And I've already mentioned the namespace isolation would have been done better with union mounts or something... But still, those are clearly not deal breaks otherwise Guix would have overtaken the community.
compiling...
(Score: 2) by Snospar on Friday January 13, @08:04PM
How many people running Linux are running into constant security issues? They're well protected from the majority of crass Windows viruses and if they keep the system well maintained and reasonably locked down there should be very little they have to worry about. This tendency to treat all machines as though they are under constant attack and especially the move to make everything run in it's own sandbox with it's own set of dependent files is just making the attack surface larger. To mangle two quotes, "Keep it simple. Keep it safe".
I'd rather see more effort put into keeping the supply chain of shared libraries clear of bad actors. Even in that sphere, I'm happy to trust that my distro provider has done their homework and as I pull their packages onto my systems there are robust keys and digital signatures protecting me. It appears to me that we're being forced into the level of protection required on a Google, Microsoft or Facebook server - for the vast majority of us that is overkill. Those boxes need special attention but we don't need to change the whole infrastructure for corner cases. Move along please.
(Score: 2) by darkfeline on Friday January 13, @09:11PM
Well, I guess it is partially new. AB partitioning is used by Chrome OS and Steam OS. Installing packages and AB partition together is new, and inferior. I think immutable OS+user installed packages is the future. You would only need to backup your home directory; you can reinstall the base immutable OS on any computer and plop your home directory (which contains user installed packages/configuration) and get the identical workspace.
Incidentally, the Steam Deck is a really solid Linux desktop replacement. It's rather scary (and exciting).
If you're wondering about things like /etc/passwd, I've got a surprise for you: that's the primary problem that systemd-homed solves.
Join the SDF Public Access UNIX System today!
(Score: 2) by Dr Spin on Sunday January 15, @07:35AM
Does it use systemd?
Nothing else matters.
Warning: Opening your mouth may invalidate your brain!