alt Hacker NewsI am not sure I fully understand the usability trade-offs when it comes to these "atomic" distros. One the one hand, security seems to improve markedly, since the root filesystem is largely immutable. On the other hand, it does seem that a lot of straightforward things become harder. I generally dislike flatpaks and favor a low-level, bare-metal approach to things and atomic distros seem to go against that. Maybe I should just run some experiments in a VM.
Replies
For me, the point is not security, but maintenance. Whenever system upgrades have gone wrong, it's almost always been a partial update, and that just no longer happens.
I've found doing work in containers made things straightforward enough, as a developer. Though I still somewhat think that that's just moving the problem - I'm not quite keeping those containers up-to-date. `distrobox assemble` helps a bit though.
Atomic rollback is kinda big for servers.
If you manage enough diverse servers, then patching will break something critical fairly frequently. Back when I was a sysadmin, Windows updates would break some server every 2 months, and Redhat every 6 months.
Being able to just reboot the server back into a working state, and then fix it at a later time would have been nice.
The idea is that the immutability of the operating system leads to greater stability. The partition should (in theory) be exactly as the distribution expects on every computer it’s installed to, which limits the potential for user changes breaking anything. The benefit to the user is that it’s a lot harder to shoot yourself in the foot by running the wrong script.