Poettering: Fitting Everything Together

"Throw everything into an image" is certainly the paradigm promoted by those who put the mad rush to get something out above security, OS lifecycle, maintainability, and all those other tasks you'd prefer to be done by "other" people but care not to contribute to yourself - I use personal pronouns but by this I really mean corporate interests, which deeply shape the individual responses.

It is the rejection of even the term "Software Engineering," much less "Computer Science," for unfettered pragmatism, meaning OS anarchy. One could almost imagine the polite but corrosive comments of the greater visionaries like Edsger Dijkstra, were he still around, to such improvisatory and unplanned methods. "...informality is the hallmark of the Mathematical Guild, whose members —like poor programmers—derive their intellectual excitement from not quite knowing what they are doing and prefer to be thrilled by the marvel of the human mind (in particular their own ones)."

However, it doesn't work so well on regular distros which are more the scale of a house, unless you're in the business of hoarding housing and renting it out.

Using immutable images on appliances, remote devices, and infrastructure components that need to be always-on and really secure is both convenient and effective as it seriously limits the ability for an intruder to change components, plus it's easy to restart from a known state, and you know that upgrades always turn a stable system into a new stable system (but they usually require a reboot).

However, having tried to use this in the past on some user-facing devices (monitoring stations, web client, and lab machines), it was a nightmare. You constantly miss something and having to update your distro's description, rebuild one and reboot on it is painful, and you end up with a writable+executable directory mounted from a ramfs somewhere, where you place all your extra stuff that you were too lazy to install on a new image.

I would say, use immutable for unattended production, and use packages where there are users.

A missing piece in the proposed OS design is that the A/B update mechanism doesn't update the /etc config files that got created on first boot. This is sometimes needed for software that has required values in its /etc config file that get incompatible between versions. In general it's good to keep these files aligned with what the OS under /usr would create on a fresh install - of course unless the user touched these files. To migrate user changes the A/B update needs 3-way merge of configuration files in /etc, taking the old /usr factory file and the new /usr factory file into account (to my knowlegde this is done in rpm-ostree as used by Fedora CoreOS).

I get so angry with such a politicized systemd usage.
"Well, we didn't consider your corner case or system design or use of previously-existing-and-normal-but-now-deprecated-features, you're SOL, adapt!"

Next up: systemd won't boot a system that hasn't been updated by systemd-sysupdate (f u, RAUC et al users, why don't you yell at RAUC et al to drop their features and use systemd-sysupdate under the hood?!); who cares about A/R systems, you gotta go A/B; storage space is cheap anyways, eh?! Ooooh you're not following our ideal concept of signing or immutability? Get lost, "legacy" system! Oh you're not EFI? or have TPM2? "Obviously security is weakened on your platform and beginning with systemd vX we will no longer run on your inferior platform!"

If F/OSS was the equivalent of a direct democracy empowerment movement, systemd is the complete opposite. A hopefully benevolent entity pushing their world-view on everybody. Now you say, but people willingly adapt this based on its merit! Well, you adapt one tool and you're in a world of hurt until you adapt the rest. There's a mass psychology at play as well, one that systemd can't just "innocently" ignore and keep using their position as leverage at the same time.

The kindest way to describe systemd folks' development is to say "they're on a mission", but so was, e.g., the catholic church as well.

I think containers and images get a bad reputation from starting from a base image that's who-knows-what and getting the initial running state from doing whatever install steps to it. I want system installs to be that you start with a blank filesystem and a package manager outside of it installs packages into it; a purely package-based installation without any bootstrapping weirdness where your package manager and its dependencies are in your system when you first start running it.

Maybe I never liked Poettering's views and it may just be this different points of view.
I created images and put them on workstation in industry twenty years ago - but when
I see my systems they may not differ a lot - but they differ - and for a reason.

And I still want my base being a distribution built from a fixed set of libraries which
are only switched by compatible ones fixing bugs without changing its functionality.
What makes sense for the kernel should be the same for libraries - new functionality
would mean new functions - nerver altering old ones to lose compatibility.
Rolling kernels don't harm - currently no one will like to apply this on libraries,
as library developers have a different view - which makes the desktop not a nice place.
But using fresh and stable versions of applications which I need to have current and
with full functionality - not being able to wait several years (GCC, TeXLive, you
name it) - but built on the fixed set of libraries. No snap, not flatpak - packages of
the used distribution (and yes, due to my experience I prefer deb packages over rpm ones).

These, snap and flatpak and alike, are not appropriate for systems I want to use - and images are
used in my work only to create backups - i.e. seldom taken snaps ... and frequent incremental
backups for working fields which change a lot.
So I use happily ext4 and would not wait for anything BTRFS and friends have to offer
(which are sure important for some use cases), but rely on robustness and recoverable errors.
Using fixed sized partitions (much larger than needed) and not using LVMs - and also
no RAIDs. I know them, but no benefit but lots of problems if applied to my desktop systems.

One size fits all won't ever work ... and while industrial use cases are in focus with the LTS releases,
they are silly to apply on desktops (LTS kernels are a really bad idea to be used on desktops - but
may be appropriate for smartphone and servers as these are typically mere industrial products).
I hope that people will learn this - otherwise Red Hat/Canonical etc. may bring their taste as
something everyone needs ... or has to use in the end.
And normal desktop users are forced to test industrial products for free (not being paid) but
have to pay the price to have no longer choices - use GNOME, use flatpak/snap, use systemd,
use Wayland - and alternatives need additional care in infrastructure which not even Debian
can provide - and I understood the struggling to get all maintainers to do additional work
e.g. for different system management/booting infrastructures.
But having only one - which is magically the best - is nothing I would call reasonable.
This is not a world of free users - but a world of companies getting everything for free
what many people improved in their spare time.
And I discovered bugs when employed in IT business well known IT giants would not even
think to be possible and first reacted that these bugs could not exist as I was the only one
reporting them - and this happened several times.

Both worlds are important and both can benefit from each other - the current vision of one united suit
(or better uniform) may not end the way those creators had in mind.
And I am not yet inclined to give names of political systems to that directions ...
but everyone may know which direction resembles which political system, right?

Yes, please.

> 14. Things should be reasonably democratic and hackable. It should be easy to fork an OS, to modify an OS and still get reasonable cryptographic protection. Modifying your OS should not necessarily imply that your "warranty is voided" and you lose all good properties of the OS, if you so will.

The first generation of security keys were divested from the companies that designed them, but still connected to the mainframe and expensive (something Tim Ansell commented on https://tomu.im/fomu.html ). However there are some that can actually store keys, and log you into something other than the mainframe, but they still probably should just ship with TPM2 chips and something similar to usb mass storage interface......

> systemd-sysusr

Lennart Poëttering is quoted saying "SELinux is a great technology, but I don't understand it." The original UNIX #5 from Bell Labs (except for tiny 16-bit UID/GID) can actually do absolutely everything if you:

1. Let go of any preconceived notions of how a filesystem must store UIDs and GIDs (I spoke with Eric W. Biederman in Oakland with Mark Shuttleworth and while he awknowledged that UIDs and GIDs are sticky, and they are, he definitely did not have any preconceived notions that filesystems must store them in any specific way.)

2. Turn the Group table into a Directed Acyclic Graph.

My first thought is the need for 'yet another partition' which is basically a download scratch space to get things down to correctly checksum and build out either A/B partitions or the various 'flatpaks' and other stuff needed to layer ontop of the A/B images.

I do think that the above issues (hardware support and download size) are solvable and look forward to an immutable future!

(as a tangent how good is systemd-homed with large homes, currently have about ~3.5TiB of data (working on photo/video eats space...))

We can do better than that, much better than that - Microsoft's approach is now getting old and is cumbersome, it shouldn't be hard to improve on.

Mint comes in three flavours depending on the GUI you want, and Ye Olde Tyme installers used to ask if you wanted a development setup, desktop setup or workstation setup. It wouldn't be hard to have 9 standard images.

There's no reason why you couldn't do the underlying operations on those standard images at the package level, there's no reason why the DVD couldn't have a whole load of packages on it, the base install just freezes the partition in the state where certain packages are already installed.

How difficult would it be to develop a proof of concept?

Images are a byproduct. I find the declarative approach more promising: declare the OS config, declare the home environment config, and use tools to instantiate those configs. Guix System and Guix Home follow that approach, and similarly for NixOS.

For OS deployments just like for software packages, users have more to gain by having the source than by having nothing but the byproduct.