posted by janrinok on Tuesday September 19 2023, @08:27PM   Printer-friendly
from the Immutable-you-say dept.

Arthur T Knackerbracket has processed the following story:

If you're a Linux enthusiast, you've likely come across terms like "immutable distribution", "OS3", or "image-based operating system". These concepts have been gaining traction in the Linux community, sparking curiosity about their significance. In this article, we'll delve into the world of immutable distributions, exploring how they work, their advantages, potential drawbacks, and whether they truly represent the future of the Linux desktop.

An immutable Linux distribution is an operating system whose base system is shipped as a read-only image and is not meant to be modified in place once installed. The fundamental idea is that neither ordinary users nor root write to the system files and directories during normal operation: the base system is changed by producing a new image, and ad-hoc edits that bypass the distribution's own update or layering mechanism do not survive a reboot. This approach has earned them the moniker "immutable."

When updates are applied to the system, they don't modify the existing installation. Instead, they create a new system image that becomes the active one upon the next reboot. While this might initially seem limiting, immutable distributions implement workarounds to ensure users can still customize their computing environment.

Immutable distributions offer robust security benefits. Since users and third-party programs can't readily modify the core system, the risk of viruses, Trojans, ransomware, and other malware compromising system files and directories is significantly reduced. Even if an attacker gains access to the system, their ability to write or modify system components is limited. The caveat a practitioner should keep in mind is that a read-only mount is a mount option, not a security boundary: a process running as root can remount the filesystem read-write or push a modified image through the update path. The protection is only as strong as the verification behind it. It holds when images are signed, the boot chain checks the signature before using an image, and, in the strictest designs, the root filesystem is backed by a dm-verity hash tree, so that a tampered image fails to boot instead of quietly persisting. User data in the writable home directory sits outside this protection entirely and still needs backups.
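To make the caveat concrete: what turns "mounted read-only" into "tamper-evident" is verifying every block of the image against a hash tree whose root is pinned outside the image, which is what dm-verity does. The following is an added example, not code from the article or from any distribution. It implements a simplified version of that check in Python; the image contents, the 64-byte block size and the tree layout are assumptions for illustration (real dm-verity uses 4096-byte blocks, a salt, and a separate hash device, and checks each hash block against its parent before trusting it).

```python
"""Simplified dm-verity-style hash tree (added example; constructed data, not a real image)."""
import hashlib

BLOCK_SIZE = 64  # assumption for the example; dm-verity defaults to 4096-byte blocks


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def split_blocks(image: bytes, block_size: int = BLOCK_SIZE) -> list[bytes]:
    """Cut the image into fixed-size blocks, zero-padding the tail like a block device would."""
    padded = image + b"\0" * (-len(image) % block_size)
    return [padded[i:i + block_size] for i in range(0, len(padded), block_size)]


def _pad_even(level: list[bytes]) -> list[bytes]:
    # An odd trailing node is paired with a copy of itself so every node has a sibling.
    return level + [level[-1]] if len(level) % 2 else level


def build_tree(image: bytes) -> list[list[bytes]]:
    """Hash tree over the image: levels[0] are per-block hashes, levels[-1] is [root].
    The tree itself lives on the (untrusted) disk; only the root hash must be trusted."""
    level = [_h(b) for b in split_blocks(image)]
    levels = [level]
    while len(level) > 1:
        pairs = _pad_even(level)
        level = [_h(pairs[i] + pairs[i + 1]) for i in range(0, len(pairs), 2)]
        levels.append(level)
    return levels


def root_hash(tree: list[list[bytes]]) -> bytes:
    return tree[-1][0]


def verify_block(block: bytes, index: int, tree: list[list[bytes]], trusted_root: bytes) -> bool:
    """Check one block the way the kernel does on each read: hash the block, walk up the
    stored tree using sibling hashes, and compare the result with the pinned root hash.
    A modified block, or a modified tree node on its path, changes the computed root."""
    node = _h(block)
    for level in tree[:-1]:
        siblings = _pad_even(level)
        sibling = siblings[index ^ 1]
        node = _h(node + sibling) if index % 2 == 0 else _h(sibling + node)
        index //= 2
    return node == trusted_root


def verify_image(image: bytes, tree: list[list[bytes]], trusted_root: bytes) -> list[int]:
    """Return the indexes of blocks that fail verification (an empty list means intact)."""
    return [i for i, b in enumerate(split_blocks(image))
            if not verify_block(b, i, tree, trusted_root)]


# Constructed sample "root filesystem": five 64-byte blocks of arbitrary content.
IMAGE = bytes(range(256)) + b"/usr/bin/ls ELF...".ljust(64, b"\0")

if __name__ == "__main__":
    tree = build_tree(IMAGE)
    root = root_hash(tree)  # in practice: signed and passed to the kernel, not stored in the image
    print("intact blocks failing:", verify_image(IMAGE, tree, root))        # []
    tampered = bytearray(IMAGE)
    tampered[2 * BLOCK_SIZE + 7] ^= 0x01                                     # flip one bit in block 2
    print("tampered blocks failing:", verify_image(bytes(tampered), tree, root))  # [2]
```

Because the root hash is the only trusted input, an attacker who can write both the image and the on-disk tree still cannot produce a consistent pair without finding a SHA-256 collision; that is the property a plain read-only mount lacks.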

Immutable distributions are also more reliable in day-to-day use. Users are less likely to break their systems by accident or through third-party software that modifies system files. Because the base system is a tested image rather than a set of individually installed packages, dependency conflicts and unintentionally destructive commands are far less likely to leave the system in an inconsistent state.

Maintenance is streamlined with immutable distributions. Updates are only applied after a reboot, eliminating the risk of breaking the system while it's running. More precisely, an update is staged as a complete new image while the current one keeps running untouched, and the new image only becomes active at the next boot, so an interrupted update can never leave the running system half old and half new. This also minimizes dependency-related problems during updates, since the image is built and tested as a whole.

One significant challenge with immutable distributions is installing applications, as traditional package management systems typically require write access to the system. Immutable distributions address this issue using various methods:

Many immutable distributions embrace universal packaging formats like Flatpaks, Snaps, and AppImages. These formats don't need full system access and bring their dependencies, making them ideal for installation on immutable systems.

Some distributions allow users to install packages in a dedicated layer separate from the immutable base system. These layered packages persist across reboots and are included in the updated system image, providing a way to install drivers, libraries, and applications not available as universal packages.

Containers, such as those used with Distrobox, enable users to launch applications in a separate environment with full write access. This approach is useful for applications that must interact with the system at a deeper level.

Immutable distributions handle updates differently from traditional ones. Updates are never applied in place; instead, they create a new bootable system image. This approach ensures that users always have access to the previous version if issues arise after an update. While this requires reboots, it enhances system stability and security.
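How an A/B image switch keeps the previous version available, as an added example rather than code from the article or from any particular distribution: two directories stand in for two root partitions, a symlink for the bootloader's active-slot pointer, and a boot counter for the mechanism by which a new image that never reports healthy is abandoned. The slot names, the manifest format and the three-boot budget are assumptions; the two things worth copying are that the running slot is never written, and that the switch is a single atomic rename.

```python
"""A/B image update with atomic switch and rollback (added example; simulated in a temp dir)."""
import hashlib
import json
import os
import tempfile
from pathlib import Path

SLOTS = ("A", "B")   # assumption: two root-filesystem slots standing in for two partitions
MAX_TRIES = 3        # assumption: boots a new image gets to report healthy before it is dropped


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _set_link(link: Path, target: Path) -> None:
    """Repoint a symlink atomically: build a temporary link, then rename() it over the old one.
    rename(2) is atomic, so a reader sees either the old target or the new one, never neither."""
    tmp = link.with_name(link.name + ".tmp")
    if tmp.is_symlink() or tmp.exists():
        tmp.unlink()
    tmp.symlink_to(target)
    os.replace(tmp, link)


def _write_image(slot: Path, image: bytes) -> None:
    slot.mkdir(parents=True, exist_ok=True)
    (slot / "rootfs.img").write_bytes(image)
    (slot / "manifest.json").write_text(json.dumps({"sha256": _sha256(image)}))


def _state(root: Path, **update) -> dict:
    """Tiny persistent state file: the boot counter the bootloader would keep in its variables."""
    path = root / "state.json"
    state = json.loads(path.read_text()) if path.exists() else {"tries_left": None}
    state.update(update)
    path.write_text(json.dumps(state))
    return state


def active_slot(root: Path) -> str:
    return Path(os.readlink(root / "current")).name


def inactive_slot(root: Path) -> str:
    return SLOTS[1] if active_slot(root) == SLOTS[0] else SLOTS[0]


def init_system(root: Path, image: bytes) -> None:
    """First install: the image goes into slot A and `current` points at it."""
    _write_image(root / SLOTS[0], image)
    _set_link(root / "current", root / SLOTS[0])
    _state(root, tries_left=None)


def stage_update(root: Path, image: bytes, expected_sha256: str) -> str:
    """Write a new image into the inactive slot, verify it, and only then flip `current`.
    The running slot is never written, so a bad or interrupted download changes nothing."""
    if _sha256(image) != expected_sha256:
        raise ValueError("image checksum mismatch; refusing to switch slots")
    target = inactive_slot(root)
    _write_image(root / target, image)
    _set_link(root / "previous", root / active_slot(root))   # remember the known-good slot
    _state(root, tries_left=MAX_TRIES)                       # arm the boot counter
    _set_link(root / "current", root / target)               # the one atomic switch
    return target


def boot(root: Path, healthy: bool) -> str:
    """Simulate one boot of the active slot and return the slot that ends up active.
    A trial image is committed once the booted system reports healthy; a trial image that
    is corrupt, or that exhausts its tries without reporting healthy, is rolled back."""
    state = _state(root)
    slot = root / active_slot(root)
    stored = json.loads((slot / "manifest.json").read_text())["sha256"]
    intact = _sha256((slot / "rootfs.img").read_bytes()) == stored
    if state["tries_left"] is None:          # no update in flight: normal boot
        return active_slot(root)
    if intact and healthy:
        _state(root, tries_left=None)        # commit: the new image is now the known-good one
    else:
        tries = state["tries_left"] - 1
        if not intact or tries <= 0:
            _set_link(root / "current", Path(os.readlink(root / "previous")))
            tries = None
        _state(root, tries_left=tries)
    return active_slot(root)


def demo() -> list[str]:
    """End-to-end run in a temporary directory; returns the active slot after each boot."""
    v1, v2, v3 = b"rootfs v1", b"rootfs v2", b"rootfs v3 (never comes up healthy)"
    seen = []
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        init_system(root, v1)
        seen.append(boot(root, healthy=True))         # A
        stage_update(root, v2, _sha256(v2))           # lands in B
        seen.append(boot(root, healthy=True))         # B, committed
        stage_update(root, v3, _sha256(v3))           # lands in A
        for _ in range(MAX_TRIES):
            seen.append(boot(root, healthy=False))    # A, A, then rolled back to B
    return seen


if __name__ == "__main__":
    print(demo())   # ['A', 'B', 'A', 'A', 'B']
```

Real systems differ only in where these pieces live: the slot pointer and try counter sit in bootloader variables or an EFI variable, the manifest checksum is replaced by a signature check at boot, and "healthy" is a service that marks the boot successful after the system has come up. The shape of the logic, and the reason the old image is always still there to fall back to, is the same.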

Immutable distributions introduce complexity, especially for users accustomed to traditional Linux distributions or to Windows or macOS. Basic tasks like installing packages, updating the system, and manually editing configuration files are done differently and may involve unfamiliar processes, so the learning curve can be steep for those new to this approach.

Immutable distributions may not suit users who value the ability to access and modify any file at any time. The restrictions imposed by these distributions can be seen as limiting, especially when compared to traditional Linux distributions.

Immutable distributions offer unique benefits, making them a valuable option, particularly for server environments and specialized appliances. However, their limitations and complexity may hinder their adoption among regular desktop users. While they won't replace traditional Linux distributions, they will likely coexist, catering to different use cases and preferences.

In conclusion, immutable distributions represent a promising evolution of Linux operating systems, emphasizing security, reliability, and ease of maintenance. Whether they become the standard or remain a niche choice depends on individual needs and priorities. Immutable distributions offer an alternative approach to Linux, one that can be better suited to specific scenarios but may not be the right fit for everyone.



Related Stories

More Immutable Distribution Fun 12 comments

The All Systems Go! conference happened last week in Berlin, devoted to systemd / container / image-building topics. Several cool talks focused on immutable distributions: their usages and virtues, particularly NixOS. NixOS is the foremost immutable, reproducible, and atomically upgradable Linux distribution, and a powerful building block for building easily deployable services.

Andreas Herrmann, the first Bazel community expert, talked about the value of a reproducible build of your software and the merits of using an immutable distribution like Nix to make your builds better. Xe Iaso talked about writing your own NixOS modules for your own build dependencies to ensure your software is reproducible. Lots more talks, but mostly systemd-related: check out the list of talks and the recordings!

All Systems Go 2023 will feature Lennart Poettering talking about Unified Kernel Images along with talks on encrypted Btrfs sub-volumes, Linux security, BPF filtering, soft reboots, Linux and TPMs, systemd-repart, mkosi, and Microsoft talking about their image-based Linux deployments on Azure, among other topics.

Related: The Future of Linux: Exploring Immutable Distributions



This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 3, Interesting) by Anonymous Coward on Tuesday September 19 2023, @08:32PM (1 child)

    by Anonymous Coward on Tuesday September 19 2023, @08:32PM (#1325310)

    So, like a virtual ROM cart? Will it boot up as fast as a C-64? How is this different from a live CD, other than not being on a CD? The read-only is as good as whatever subsystem protects the system sector. What we really care about is our user data. Concerns about the system getting trashed are really just indirect concerns about user data getting trashed.

    Preventing the system files from being modified by something at a lower level is not a bad idea; but it's not revolutionary. It's not a security silver bullet. You still have to guard your data. Also, modifications to the running system software are just one kind of attack. As soon as there's a known exploit in the virtual ROM, you need to replace it anyway which is just a good ol' patch.

    I've got an open mind, but so far I'm not too impressed.

    • (Score: 4, Informative) by mth on Tuesday September 19 2023, @10:24PM

      by mth (2848) on Tuesday September 19 2023, @10:24PM (#1325322) Homepage

      So, like a virtual ROM cart? Will it boot up as fast as a C-64? How is this different from a live CD, other than not being on a CD?

      It's a file system image, not a memory image. So it is indeed very similar to a live CD, but quite different from a ROM cart.

      Preventing the system files from being modified by something at a lower level is not a bad idea; but it's not revolutionary. It's not a security silver bullet.

      True, but security silver bullets don't really exist. If the OS image is cryptographically signed and the boot loader checks it and the boot loader can only be updated at boot time, it becomes pretty difficult to infect the base OS in a persistent way.

  • (Score: 4, Touché) by VLM on Tuesday September 19 2023, @08:56PM (6 children)

    by VLM (445) on Tuesday September 19 2023, @08:56PM (#1325311)

    Instead of turtles all the way down, it's Docker on top of Docker on top of Docker all the way down. Personally if I had to run "everything" in a container including "/bin/ls" I'd prefer running on K8S instead of Docker on a single host.

    Always been a tradeoff between shared libraries vs static, and there always will be. So it'll make it harder to fix library bugs across an entire system if you have 137 copies of the library statically linked into 137 separate containers.

    • (Score: 4, Insightful) by Rosco P. Coltrane on Wednesday September 20 2023, @09:47AM (5 children)

      by Rosco P. Coltrane (4757) on Wednesday September 20 2023, @09:47AM (#1325367)

      Exactly.

      This trend is getting crazy. Programmers and packagers are too lazy to make proper ports and maintain dependencies these days. They assume everybody has a gigantic PC with infinite amounts of RAM, disk and an infinitely fast CPU - and if they don't, they will soon, because Moore's law.

      The net result of this is simplistic programs like Microsoft Teams or Element - which, let's face it, are just a fancy IRC and ICQ client packaged up alongside an entire separate OS - that takes half a gig of RAM just to open the main window. Even if I did have a machine powerful enough to run more than 10 such apps concurrently and do actual work at the same time, the sheer wastefulness of it all is completely ridiculous.

      • (Score: 4, Interesting) by VLM on Wednesday September 20 2023, @12:00PM (2 children)

        by VLM (445) on Wednesday September 20 2023, @12:00PM (#1325378)

        infinite amounts of RAM, disk and an infinitely fast CPU

        Conspiracy theory idea: AWS and its minor competitors charge piecework on those items, and they'd love to sell more, so if I was an evil genius running AWS I'd donate tons of money to FOSS projects that waste RAM, disk, and CPU to pad my future revenues (Note I'm not agreeing with this conspiracy theory, just tossing out the idea for contemplation ... I'm just saying if this were a sci fi book plot, it would be VERY believable)

        I mean, if "they" aren't already doing this, why not?

        What makes more future revenue for AWS, yet another shitty TV commercial on CNBC (can tell I went to the gym this morning, LOL) or slowing down the world's webservers by 5% which means 5% higher revenue?

        I could see hardware vendors pushing the same concept except their margins are too low whereas "larger cloud suppliers" have margins that could afford this kind of market manipulation.

        • (Score: 2) by tangomargarine on Wednesday September 20 2023, @03:45PM (1 child)

          by tangomargarine (667) on Wednesday September 20 2023, @03:45PM (#1325406)

          Conspiracy theory idea: AWS and its minor competitors charge piecework on those items, and they'd love to sell more, so if I was an evil genius running AWS I'd donate tons of money to FOSS projects that waste RAM, disk, and CPU to pad my future revenues (Note I'm not agreeing with this conspiracy theory, just tossing out the idea for contemplation ... I'm just saying if this were a sci fi book plot, it would be VERY believable)

          Well, it would hardly be the first Linux conspiracy theory...are we sure Lennart Poettering or Red Hat aren't involved?

          --
          "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
          • (Score: 1, Insightful) by Anonymous Coward on Thursday September 21 2023, @11:22AM

            by Anonymous Coward on Thursday September 21 2023, @11:22AM (#1325477)

            Oh, but he is. He is one of the peddlers of this via systemd.

      • (Score: 2) by hendrikboom on Wednesday September 20 2023, @03:11PM

        by hendrikboom (1125) Subscriber Badge on Wednesday September 20 2023, @03:11PM (#1325400) Homepage Journal

        On Linux, you may as well waste RAM. Your computer was probably built to run Windows, so the Linux system will have more RAM than it can effectively use.

      • (Score: 2) by tangomargarine on Wednesday September 20 2023, @03:43PM

        by tangomargarine (667) on Wednesday September 20 2023, @03:43PM (#1325405)

        Good ol' Troutman's Laws. [tomrobertshaw.net]

        The size of a program expands to fill all available memory.

        --
        "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 4, Insightful) by Mojibake Tengu on Tuesday September 19 2023, @09:20PM

    by Mojibake Tengu (8598) on Tuesday September 19 2023, @09:20PM (#1325314) Journal

    Now, let's reinvent the next step: classical multi-versioning. And reload. Perhaps even process checkpoint/resume?
    And migration of running process to another machine...

    I mean, everything that Microsoft did not understand about real computers and thus was unable to implement.
    And because of that, the youngsters were unable to imagine what's possible...


    The only good stuff I know about today that is capable of a true running-process reload on command after a version upgrade is... the weechat IRC client.

    And no, funny containers and process restarts (like Firefox does) do not count!

    --
    Respect Authorities. Know your social status. Woke responsibly.
  • (Score: 2, Insightful) by Anonymous Coward on Tuesday September 19 2023, @09:23PM (1 child)

    by Anonymous Coward on Tuesday September 19 2023, @09:23PM (#1325315)

    So now we're going to use monads to update our computers.
    What could be simpler.

    • (Score: 2) by istartedi on Tuesday September 19 2023, @10:20PM

      by istartedi (123) on Tuesday September 19 2023, @10:20PM (#1325321) Journal

      Yes. A monad is just a mongrel in the category of ectoplasm. What's the problem?

      --
      Appended to the end of comments you post. Max: 120 chars.
  • (Score: 2) by Freeman on Tuesday September 19 2023, @09:53PM

    by Freeman (732) on Tuesday September 19 2023, @09:53PM (#1325318) Journal

    Just burn yourself a Puppy Linux remaster on a CD and run everything from that. Updates may be a bit annoying, though. Still, if you get hacked, all you need to do is reboot and you won't even know that you got hacked. Won't have any clue what they got, but what you don't know can't hurt you or something like that.

    --
    Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 5, Insightful) by Thexalon on Tuesday September 19 2023, @10:26PM (8 children)

    by Thexalon (636) on Tuesday September 19 2023, @10:26PM (#1325323)

    One of the major benefits of Linux and open-source stuff was always intended to be flexibility: You are very intentionally and specifically granted the power to tinker with your system any way you want to. Want to rebuild the kernel to include only what you actually need? Go ahead. Want to rewrite glibc because you've taken leave of your sanity? You can do that too. Want to patch a key piece of software that had some spyware in it so that it no longer communicates to its creator? Yup, you have the ability to do that too.

    What this "immutable" system is really aiming for, by contrast, is a walled garden that is controlled by its manufacturer. And while I'm sure the idea has plenty of funding from Google, who wants to make Android and Chromebooks as much a walled garden as possible, that does not make it a good idea for users.

    Oh, another bonus of an immutable system? Let's say you have a security vulnerability in that system. Guess what? You can't fix it! You can't even patch it.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 5, Informative) by darkfeline on Wednesday September 20 2023, @05:30AM (7 children)

      by darkfeline (1030) on Wednesday September 20 2023, @05:30AM (#1325347) Homepage

      Uh, what? You can still tinker with your system. These immutable distros are all fully FOSS.

      All it means is that you have to rebuild and reboot your machine, like you do with the kernel, when making system changes. The upside to this is that if you bork X/Wayland, you can reinstall your previous image and be in a known good state rather than trying to hunt down some .so or .cfg that got modified.

      > Oh, another bonus of an immutable system? Let's say you have a security vulnerability in that system. Guess what? You can't fix it! You can't even patch it.

      Oh, you don't even know what an immutable system is. It doesn't mean you can't change the system, it means the system image is mounted readonly when running. You can install and boot into different images; that's how OS updates work.

      --
      Join the SDF Public Access UNIX System today!
      • (Score: 2) by PiMuNu on Wednesday September 20 2023, @07:22AM (4 children)

        by PiMuNu (3823) on Wednesday September 20 2023, @07:22AM (#1325357)

        > The upside to this is that if you ...

        The downside is that changing system things becomes a PITA. One of the celebrated features of linux, that I use *every* day, is that updates don't require a reboot. Sounds like they want to break that.

        • (Score: 1) by shrewdsheep on Wednesday September 20 2023, @07:36AM (2 children)

          by shrewdsheep (5215) on Wednesday September 20 2023, @07:36AM (#1325361)

          Well, I only have looked a bit into MicroOS (OpenSuse). The solution to updates is that the read-only part is really the core OS (kernel/X/few command line tools) only. The rest is pushed into containers/Flatpaks where updates work as "normal". In practice, reboots on update are therefore rare.

          • (Score: 2) by PiMuNu on Wednesday September 20 2023, @08:02AM

            by PiMuNu (3823) on Wednesday September 20 2023, @08:02AM (#1325363)

            That sounds less painful. I guess then that the attack surface that this protects is small, but presumably it is the nastier stuff like rootkits.

          • (Score: 2) by hendrikboom on Wednesday September 20 2023, @03:17PM

            by hendrikboom (1125) Subscriber Badge on Wednesday September 20 2023, @03:17PM (#1325401) Homepage Journal

            Sounds like Nyx would be better on such a system than Flatpak.

        • (Score: 2) by darkfeline on Wednesday September 20 2023, @10:28AM

          by darkfeline (1030) on Wednesday September 20 2023, @10:28AM (#1325370) Homepage

          You mean you don't modify and recompile your kernel regularly? Pathetic.

          https://knowyourmeme.com/memes/principal-skinners-pathetic [knowyourmeme.com]

          --
          Join the SDF Public Access UNIX System today!
      • (Score: 4, Insightful) by Thexalon on Wednesday September 20 2023, @11:23AM

        by Thexalon (636) on Wednesday September 20 2023, @11:23AM (#1325373)

        This assumes you have been given a way to change the boot sequence in some meaningful way, though. Walled-garden devices do everything they can to stop that.

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
      • (Score: 2) by tangomargarine on Wednesday September 20 2023, @03:37PM

        by tangomargarine (667) on Wednesday September 20 2023, @03:37PM (#1325404)

        Oh, you don't even know what an immutable system is. It doesn't mean you can't change the system, it means the system image is mounted readonly when running. You can install and boot into different images; that's how OS updates work.

        Silly me, there I go assuming that words have defined meanings anymore.

        immutable, adj.
        unchanging over time or unable to be changed.

        Apparently now it means "need to reboot to change it".

        It kind of sounds like a cross between a LiveCD and...does anybody remember that thing like 10 years ago "frugal installs"? I tried a couple times but could never get one to work.

        PuppyLinux had a thing where you could save your live session to a file on your hard drive, then next time you booted the LiveCD it would layer your changes back over the top, too.

        --
        "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 5, Insightful) by dwilson on Wednesday September 20 2023, @03:55AM

    by dwilson (2599) Subscriber Badge on Wednesday September 20 2023, @03:55AM (#1325346) Journal

    If you're a Linux enthusiast, you've likely come across terms like "immutable distribution", "OS3", or "image-based operating system".

    I am, and I haven't. Sounds like more corporate bullshit to me.

    --
    - D
  • (Score: 2) by darkfeline on Wednesday September 20 2023, @05:40AM (3 children)

    by darkfeline (1030) on Wednesday September 20 2023, @05:40AM (#1325348) Homepage

    Growing up, I was always scared I would grow old, stop learning new things, and shout at kids to get off my lawn. Looking at the comment section, I feel relieved since I'm not quite as far gone as my fellow old fogeys here.

    Immutable distros are very cool. They are similar to LiveCDs, except thanks to many recent developments such as systemd-homed, they are actually practical for normal everyday use.

    The distro is shipped as a single image. The image is installed to a partition and gets booted as readonly. All user files go into a separate read-write partition. Updating the system means installing a new image, which has the updated packages.

    You can keep two system partitions for A/B updates, allowing for trivial system update rollbacks by rebooting into the other partition.

    The readonly image prevents errant code/user action from rm -rfing system files. You could theoretically layer modifications to system files on top of the image, although the mechanism depends on the distro and generally is not necessary.

    --
    Join the SDF Public Access UNIX System today!
    • (Score: 3, Insightful) by Anonymous Coward on Wednesday September 20 2023, @07:03AM (2 children)

      by Anonymous Coward on Wednesday September 20 2023, @07:03AM (#1325355)

      Recent development like systemd-homed gives you the option to have /home on a separate partition? Wow, those systemd devs really are inventive.

      Perhaps I've been doing it wrong by keeping a separate /home partition for the multiple distribution changes I've made over the last 20 years.

      Of course, I didn't have JSON when I used that idea from 1970s UNIX in the 2000s and 2010s, so it mustn't be as good as systemd-homed.

      Now get off my lawn.

      • (Score: 2) by darkfeline on Wednesday September 20 2023, @10:31AM (1 child)

        by darkfeline (1030) on Wednesday September 20 2023, @10:31AM (#1325371) Homepage

        How do you plan on creating new users with a readonly /etc/passwd on a standalone host?

        Here's your humble pie, now eat it. Maybe try researching things before dissing them.

        --
        Join the SDF Public Access UNIX System today!
        • (Score: 1, Interesting) by Anonymous Coward on Wednesday September 20 2023, @11:26AM

          by Anonymous Coward on Wednesday September 20 2023, @11:26AM (#1325374)

          You're right. That's something I've not had to worry about. A readonly /etc/passwd that is.

          Must be a good career, creating new problems for complex solutions.

  • (Score: 5, Interesting) by jb on Wednesday September 20 2023, @08:07AM (1 child)

    by jb (338) on Wednesday September 20 2023, @08:07AM (#1325364)

    This is an incredibly *old* (and highly effective) idea. The original version went something like this:

    1. Only ever boot from write-protected tape.

    2. When your OS vendor sends patches, READ them first, then ONLY IF they are sane...

    3. ...apply them, rebuild and write to a new tape; write-protect it then go to 1.

    The adherents of the new version of the idea seem to have missed the importance of step 2 though...

    • (Score: 0) by Anonymous Coward on Wednesday September 20 2023, @05:39PM

      by Anonymous Coward on Wednesday September 20 2023, @05:39PM (#1325416)

      Why I like slackware's package management. You decide what software goes on your machine. Automatic updates and dependency resolution have become so broadly accepted, even expected, yet the model is inherently broken. A system that has automatic updates and dependency resolution for packages is by definition both unstable and insecure. Yet both are sold to us with the argument that they are important for system stability and security.

  • (Score: 2) by DadaDoofy on Wednesday September 20 2023, @03:49PM

    by DadaDoofy (23827) on Wednesday September 20 2023, @03:49PM (#1325407)

    "Updates are only applied after a reboot, eliminating the risk of breaking the system while it's running."

    How is the system not "running" after a reboot?

  • (Score: 0) by Anonymous Coward on Wednesday September 20 2023, @05:21PM

    by Anonymous Coward on Wednesday September 20 2023, @05:21PM (#1325414)

    Immutable distributions offer robust security benefits. Since users and third-party programs can't readily modify the core system, the risk of viruses, Trojans, ransomware, and other malware compromising system files and directories is significantly reduced

    Most people/organizations don't care that much if ransomware encrypts their system files. They care that ransomware encrypted their data. Assuming not all of it is backed up.

    There are probably thousands of copies of those immutable system files on the internet if not more, if they want them they can get more easily.

    Not so for their data.

    Lastly if immutable systems are useful in practice it proves that the OS has failed. Because normally users can't readily modify the system files anyway.

    p.s. if you want to update your OS, don't log in as a normal user. Log in as root or a user account specifically for updates. Your normal account might be pwned so don't use it for system updates, but if your root/admin is already pwned your immutable system is probably pwned or going to get pwned anyway too.
