A high level explanation

Can someone please provide context for us noobs?

It’s people who know they will be irrelevant because they spent decades producing shit software

So the Linux kernel is shit software now? Just because it’s not written in the newest programming language? Kind of a hot take.

This article reads like a press release from SUSE.

I don’t know if this works in docker (usually there is 1:1 equivalency between the two), but with podman you can do something like:

podman stop --filter name=foo

man podman-stop tells us:

   --filter, -f=filter
       Filter what containers are going to be stopped.  Multiple filters can be given with multiple uses of the --filter flag.  Filters with the same  key  work
       inclusive with the only exception being label which is exclusive. Filters with different keys always work exclusive.

If you do a rollback, I assume your data remains? I assume you might need to reinstall apps which were not in the original? Or does it keep apps, data and settings across a restore?

In CoreOS (Silverblue), /etc, /var and /home (which is in fact a symlink towards /var/home) are regular writable partitions, so your data, configs and personal files are not touched by the upgrade/rollback procedure.

All the packages (and their dependencies) you’ve installed extra are also upgraded/rolledback when you do a system upgrade.

The immutable part (again, only speaking about Silverblue, I don’t know about others) refers to the inability to make changes online (i.e. without rebooting), but you can eventually change whatever file you want. The way it works is you would make your changes in a copy of the current filesystem and at boot simply mount and use the copy. If something goes wrong, you just mount the original at next boot and you have rolled back.

You make a lot of good points, but I have to disagree on the “don’t let the user see or touch anything”. That’s very much not the way immutable distros behave (and I speak mostly about Fedora Silverblue here, I don’t have experience with other immutable systems): you can touch and change anything and often times you have mechanisms put in place by the distro developers to do exactly that. It’s just that the way you make changes is very different from classical distros, that’s all, but you can definitely customize and change whatever you want. I feel the comparison between immutable distros and Apple is really far off: Apple actively prevents users from making changes, while immutable Linux is the opposite – while there may be some technical limitations, the devs try to empower the user as much as possible.

Maybe I don’t understand the question, but what prevents you from adapting your Ansible playbooks to Fedora Silverblue? I assume for Debian at some point you have a “install packages” section which you should rewrite to use rpm-ostree or flatpak instead of apt-get; your dotfiles section should remain the same etc etc.

Although from a purely scientific stand point you are correct and there is no truly random number generator, I would argue that simulating a dice in a video game can be considered random for all intents and purposes.

In the FTPD logs, do you see the initrd file being pulled? Could it be a mismatch between the kernel and initrd you’re serving?

Well, I don’t know how fair they play now, but for sure that wasn’t always the case.

Let’s not forget Oracle! While Rocky bit the bullet with this poorly written announcement, I believe Red Hat’s target was in fact Oracle, not some 20 employees startup with no customers.

I don’t think Red Hat is violating GPL. For sure it’s not violating the legal terms of it (I’m fairly certain the army of lawyers RH and IBM have at their beck and call made sure of that) and I don’t think it’s violating it’s spirit (at least not yet) – they are still contributing any changes and their customers still get access to the source code. And (for now!) it doesn’t even seem they are making it super difficult to do so either. The way I see it, RH wants to be the only game in town providing service contracts for their own product which is fair game, imho. The problem with Rocky is that they also stand to make money out of the same source code which is the disingenuous part, in my opinion.

I honestly don’t know why Rocky made this announcement, even if their intentions are noble, they do come out as the bad guys in all this mess. They could have simply put out some generic announcement that “we are working towards a legal way” and kept doing what they are doing.

And to be clear: I believe the true people that stand to lose in this are the users and the community. I’ve been a user of CentOS (the old style, not this new breed of RHEL beta) for a long time and even an occasional Rocky user in recent times, but that will have to change.

Well, Red Hat doesn’t really get paid (of course, I’m not arguing RH is not making or doesn’t have enough money) – they would get payed for one or a very small number of licenses. At the same time, Rocky (and Alma and more importantly Oracle) wants to actually sell (albeit only support) the same product put together by Red Hat so it’s not really a community RHEL clone. I think that’s the real issue here. I wouldn’t have a problem with this workaround if it were coming from the community, without the commercial asterisk attached.

I’ve been using the same Silverblue installation for about two years (maybe even more than that). Initially, I did a lot of tweaking because I didn’t really know how to approach toolbox and flatpaks, especially because I don’t use Gnome as my desktop environment, so this system went from standard Silverblue to Silverblue+i3 overlayed, then to Silverblue+sway overlayed, recently it got rebased to Sericea and it’s still running like day one. It also got upgraded from version 35(-ish) to 38 still without any issues (well, I did have some issues, but I simply rolled back and that fixed it).

I’m also deploying several Fedora CoreOS servers with a similar level of success, but those mainly tend to just run some containers, so I would say I mess way less with those, it’s been mostly just update/upgrade to the latest, check if podman is still running my containers and let them be.

For all my non-compliant, non-supported hosts I started using Fedora CoreOS quite successfully.

If you package your applications as containers, you should have a very easy time with it. It’s based off ostree, which means a couple of things:

• immutable (so not easy to break, I guess?)
• atomic upgrades, which means you upgrade in a single step
• atomic and full rollbacks, which means if an upgrade breaks your host, you can rollback to the exact previous version booted simply by choosing it from grub
• still based on rpm, so you will still have a grasp of it, even though many things are completely different
• other benefits I forgot, I’m sure :)

All with the added benefit that once you go towards containers you can change your distro with minimal effort, so there’s that.

I don’t think Arch (or any rolling distro for that matter) is the best solution for a server deployment. If you update rarely, you’re bound to have to do manual interventions to fix the update. If you update too often, you might hit some distro breaking bug and you’re rebooting very often as well. Those two options are not great on something requiring stability.