miscing ,

Immutable distros seem to get a lot of hate, and a lot of it seems misplaced (and imo from people that haven't really read up on it). I want to try to clear up a couple of common misconceptions:

Immutability: Immutability is not the purpose of coreos or microos, but rather a side effect. The purpose is reproducibility, and for that immutability is needed. This is related to the mechanism used to achieve reproducibility. That doesn't mean immutability isn't a useful side-effect (security), it just means it's not the main objective.

Reproducibility: The main desired outcome. And why I don't understand opinions like "why are they still made (since nobody wants it)". Reproducibility has been worked on for a long time in the OS world and is a worthy goal. We aren't there yet but an obvious use case is voting machines. A more immediate benefit is: we can finally guarantee that a collection of packages that has been extensively tested will be deployed bit to bit in all servers.

User usage: there is an argument to be made that this isn't useful in end-user distros, and is more of a server feature. Largely for linux power users this will continue to be true. But for others: it lets the distro makers make a stronger guarantee on the interoperability of the programs packaged in a specific version. An OS version has been tested thoroughly and you get a bit to bit copy of it. No more "package X broke package Y". Or "package Z is missing from the dependencies". Reproducible distros have the potential to be a more "out-of-the-box" stable experience.

I would argue that calling them "immutable" is part of what is fueling a lot of the hate and misconceptions. I would prefer "reproducible distros". Another often ignored aspect is the newness of the technology. While these distros look to provide a more stable experience, for now that won't be the case (but they aren't far away anymore).

Final note: to those power users that hate the idea that they can't "control" the distro, coreos based distros are already capable of using container images as a transport. This means you can do anything you want through a Containerfile. And you can deploy this exact configuration to all your computers. No need for scripts to extract and install your desired configuration, just pull your personal OS image from your image registry.

Wrap up: I don't understand how someone who uses linux in the server world can not see the value of this tech. It offers a long wanted solution to server deployment: using container engines' ability to abstract the OS environment from the application environment. To be short: it lets the OS and the apps it runs live "their own life", with independent update cycles.

miscing ,

Because I forgot one of the most important features: true automatic updates with auto-revert. Reproducible OS's are updated in the background and the updates don't take effect until you reboot. This means you can finally safely update the OS. And if something fails, the bootloader can autorevert to the previous working version.

This is more impactful in server world. In your personal computer you update packages and most of the time "everything is fine", if it's not you reboot. But accurately knowing which packages require a reboot has been a long-standing problem, which reproducible OSes now fix by just not doing that. In server world an update breaking things can take time to find and can affect multiple machines at the same time. The stakes are higher to make sure updates are stable.

faeranne ,

As someone who runs 7 servers in different datacenters (including cloud, local, and 2 in my home rack), being able to test and update on one system, then push that update to all the others, is a dream. Immutability is a step in that process, since it prevents weirdness from creeping in between updates. My only gripe right now with the options is they all still feel bloated. I miss original Rancher. All I need is Docker/Podman, and maybe wireguard to string the servers together. Likewise, my data hoarder computers need only zfs and enough on top to link them safely (so, wireguard). If I could focus on 2 stacks that I can push out elsewhere easily, I would be soooo much happier. Sane immutability tools are honestly magical.

miscing ,

coreos doesn't feel bloated to me at least, no comment on others. I can't think of anything "excess" in it. It has docker, podman and wireguard-tools, other than that all the packages are pretty "essential".

rpm-ostree on the other hand does feel bloated (and is included), but check out https://github.com/containers/bootc. I have high hopes for it.

chomskysfave5 ,

Nick is probably my favorite Linux YouTuber. He seems to be the only one to understand that Linux has to look and feel sexy for new people to stay on board.

BearPear OP ,

If a lot of people don’t prefer immutable distributions, why are they made? I still don’t understand who this is for.

stepbro ,

Colossal waste of developer time and system resources. No thanks. At that rate just port the whole userland to nodejs electron too.

Draconic_NEO ,

Personally I’m not super into the idea of immutable Distros, they kind of feel like Phone or Game console operating systems due to being read-only and containerized.

I prefer being able to change stuff without it being overwritten in the next update, which is one of my many complaints with the steam deck and its immutable OS: the system is locked to read-only, and even if you unlock it, it'll get relocked and all your changes undone at the next update.

iopq ,

The point is you don’t need to change stuff. You tell the resulting state of the system, the system will generate that state for you.

You don’t change some file somewhere, you change the pipewire settings in your configuration file and rebuild. You save your config to version control so you can recreate the exact copy of your system any time and on any computer by just letting it download the locked versions of all of the packages you have installed.

Draconic_NEO ,

Well back when I didn’t know any better and would go through linux installations because I would break things but also because many of the “recommended linux distros” had problems (f*** you Canonical forcing buggy snaps onto us) I might’ve thought it was an awesome idea. But now that I know better (both how to not break stuff + fix things if they’re broken, and know when people are recommending glitchy trash) it just feels more restrictive. Kind of like a game console, android phone, or S mode. It’s not necessarily as restrictive as those things because you can turn it off and do what you want but the updates to the OS will almost never respect the changes you make, as I know from SteamOS.

Because I want to install portmaster or create services to launch my own scripts on boot without them being purged blindly by an update (just like how on game consoles system updates will remove installed homebrew), I'm not into the idea of using immutable systems that lock you out of changes you might want to do that aren't official.

miscing ,

Immutable systems do not "lock you out of changes you might want to do that aren't official", even if steamOS specifically does.

Microos and coreos both allow package layering client side. There are also features landing allowing "unlocking" the read-only filesystem.

More importantly, coreos now allows using Containerfile to customize the distro server side, and then all your computers can pull the same image (with all your hard work stored in the registry, and reapplied via the Containerfile and some cicd). It's certainly a very different and new workflow and there is a lack of user-facing tools, but that is always the case with new tech.

The workflow I would sell you on is this:

  • "unlock" system (allowing non-persistent changes)
  • test everything works as you would like
  • apply same changes via Containerfile
  • Enjoy all your computers automatically updating to this and all your hard work being stored permanently in a registry.

This is a simplification and in practice currently a lot of things are hard to accomplish this way (say bootloader changes). But that is the "goal", and after running highly customized distros for a decade, I at least would love to be able to have all my changes in all my (present and future) computers without the hassle that brings currently.
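
The four-step workflow in the comment above, sketched as an added example that is not part of the thread or of any project's own files. The registry `registry.example.com`, the image name `my-fcos`, the package `htop` and the sysctl setting are placeholders chosen for illustration.

```dockerfile
# Containerfile (added example; registry, image name, package and sysctl are placeholders)

# Start from the Fedora CoreOS stable stream image.
FROM quay.io/fedora/fedora-coreos:stable

# Re-apply the package change that was first tried on the unlocked system.
# "htop" stands in for whatever you tested there.
RUN rpm-ostree install htop && \
    ostree container commit

# Re-apply a configuration change. Files written under /etc at build time
# ship as part of the image's default /etc content.
# The setting below is a constructed sample.
RUN printf 'kernel.dmesg_restrict = 1\n' > /etc/sysctl.d/90-local.conf && \
    ostree container commit

# Steps 1 and 2, on one machine, before writing this file:
#   sudo rpm-ostree usroverlay    # writable overlay on /usr, discarded on reboot
#
# Step 3, build and publish the image:
#   podman build -t registry.example.com/me/my-fcos:latest .
#   podman push registry.example.com/me/my-fcos:latest
#
# Step 4, on every machine, switch to the custom image:
#   sudo rpm-ostree rebase ostree-unverified-registry:registry.example.com/me/my-fcos:latest
#
# The "ostree-unverified-registry" transport does no signature verification,
# so the registry and the TLS connection to it are what you are trusting.
```

After the rebase and a reboot, `rpm-ostree status` lists the booted image alongside the previous deployment, which remains available for rollback.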

iopq ,

You can just describe the effect you want for your system. Most common cases are done for you in NixOS. Like configuration of packages, systemd services, etc. But you could write your own. I submitted a pull request for a service, and then made a half-assed fork of a GUI for the NUR.

Could I have just used a different distro and just installed it? Sure, but now people use my package.

I could have figured out how to set the iptables myself instead of using some software, but we’re sharing solutions here so the next person can just write the package name and just use it.

You’re creating your own ad-hoc solutions with different benefits and drawbacks.

Portmaster wants to download its own updates. They could just go the Firefox “managed by your organization” route if they wanted to

miscing ,

At least in coreos, rpm-ostree lets you "layer" packages on top of the base image, so when you install the next update it will automatically install your packages on top. You get to have the cake and eat it too.

Ugurcan ,

How’s this different from Docker over LXC in terms of practicality?

lloram239 ,

Docker just hides the dirt under the carpet. It doesn’t actually clean up the mess. The beauty of something like NixOS or Guix is that you get reproducibility, immutability and hackability without any kind of container magic and you get it at the level of the individual package. The whole system is little more than a naming convention, some symlinks and environment variables. It’s basically all classic Unix’y stuff.

That said, other immutable solutions that aren’t NixOS or Guix aren’t that much different from Docker from what I understand.

1984 ,

I hate YouTube videos.

If this was an article, it could be read quickly and with no annoying YouTube influencer in my face.

dnzm ,

Or being forced to find a headset somewhere because my hearing is shit and I can’t make out what they’re saying (and don’t get me started on the auto-generated subs).

Also, not having ads waved in my face on YouTube is a plus.

Also, I read a lot faster than the average youtuber talks.

Some things benefit from video, but tech articles tend to not fall under that category.

Number358 ,

Read the description.

1984 ,

The description is not written like a blog post, because it assumes the user will watch the video.

There is usually no point even reading it.

russjr08 ,

I mean, generally I agree - but this video’s description was pretty good, and even answers the question from the video title:

And so I don’t think immutable distros will replace regular distros. They’ll grow, and occupy a space next to let’s call them “mutable” systems, but they’ll probably never be the default thing most people use.

1984 ,

A rare exception. :)

iopq ,

It’s also on YouTube, but this link is not YouTube

Are we trying to make YouTube a generic word now?

1984 ,

Haha didn’t even notice it was hosted somewhere else since I didn’t click the link.

But the point is, videos have a lot of downsides and very few upsides. Sometimes it’s good to get a visual explanation of something but more often than not, videos are designed to focus on the influencer and to be entertaining.

I just want to get to the information myself.

Caboose12000 ,

love this guy's videos, just watched this one earlier today
