For once I feel a little out of touch after I took a bit of a break from following the news to focus on studying, and suddenly everyone is talking about immutable distributions. What are they exactly? What are the benefits and the disadvantages of immutable systems?
My understanding is “immutable” is a bit of a misnomer and avoids the “point” of using these distros.
“Layered Distros” is a better terminology, where you can imagine the OS as multiple layers, and you can swap 1 layer out for another without modifying the others and still have a functional operational machine.
Now some of those layers have to be immutable ones at runtime for this concept to work, so thats where that part of the name comes from, but thats an implicit result from the actual point/use case of these distros, not the selling point.
So you can swap versions/releases of your OS very cleanly at boot, without modifying userland, and it will continue to function just the same. This lets you do stuff at the admin level like broadly releases a version update merely by having users just reboot their machines, and next time they boot up their machine will now be running on the new OS layer, with their local “user” layer being unchanged.
Immutable distros are locked-down versions of the traditional operating systems. Literally.
In the normal traditional world, you can use the package manager to remove python as a system package and all its dependencies if you so wished. You could rm -rf / too.
With immutable, the whole filesystem is on ro mode. Every system program that a user needs is bundled by the OS and no other changes can be made without breaking the model.
This model of having the OS immutable means less chances of malware getting persistence, high systems availability and reproducible environments since the OS controls the state of the versions available and makes this state available to all users of the distro.
In the case of NixOS at least, ‘immutable’ doesn’t mean you can’t change the system at all.
It just means you cannot change the currently installed set of packages and services (generation in NixOS parlance); all you can do is create new ones and delete old ones.
Basically every update might as well be a complete reinstall of
/usr,/etcand whatnot if you compare it to traditional distros.Security, Stability
Removed by mod
You know, there was Ansible, containers, ZFS and BTRFS that provided all the required immutability needed already but someone decided to transform regular machines into MIPS-style shitty devices that have a read-only OSes and a separate partition for configs. :D
Yeah I’m with you, I want more reliability but immutable is a bit of a long way to go to get it.
I get why people are willing to make the tradeoff though, docker taught us os configuration should be done programmatically, my workflow is just used to constantly fidgeting things till they feel right, to each their own.
