Don’t get me wrong. I absolutely love Fedora Atomic (Silverblue, Bazzite, Kinoite, Aurora, IOT, etc.), more than any other distro I used, and I plant to continue using it.
It never made any problems on any of my devices, and because it is pretty much indestructible and self-managing, I even planned to install it on my Mum’s new laptop, in case her current one (basically a toaster with Mint on it) breaks.
But with the last days, my trust is damaged quite a bit.
First one, where I couldn’t update anymore on uBlue, because of faulty key pairs. This is a huge thing for me because uBlue updates in the background, and if I wouldn’t have read it here on Lemmy, I would have found out way too late, which is a security risk imo.
And now, my devices weren’t able to boot anymore due to some secure boot stuff.
Again, if I wouldn’t have subscribed the Fedoramagazine, I would have noticed it way too late.
I was able to just boot into an older image and just paste a few commands from the magazine’s post, and it was resolved in just seconds (download time not included).
Both instances were only a minor thing for ME.
But both would have been a headache if I wouldn’t follow those blogs, which is a thing only nerds (like myself) do.
Nobody else cares about their OS, it is supposed to just work, hence why I use Atomic.
I don’t wanna blame the devs (both j0rge/ uBlue and the Fedora team), they were very quick, transparent and offered very simple fixes.
And, being able to just boot into an older image, just in case, is something I am very thankful for, but nothing I want to depend on.
Having to be informed about stuff like this and then having to use the CLI is just a no-go for most people.
Am I over-reacting about this too much? What’s your view on those things?
The beauty of Fedora Atomic is that anyone effected by the recent update (including me) could simply rollback to the previous image and boot as normal in order to troubleshoot. This is exactly why nearly all of my devices are running Silverblue or Kinoite now.
I think it’s worth mentioning that significant bugs happen across all major OS platforms.
Recently, Microsoft pushed a patch requiring effected users to manually resize their EFI recovery partition. Shortly after that, it was announced that all Apple Silicon Macs suffered from an unpatchable vulnerability which can defeat encryption. These are just a couple of examples from recent memory…there are many others.
To truly avoid serious software vulnerabilities or bugs is to avoid software entirely. Operating systems are highly complex, multilayered software, and shit happens.
As someone who works in an environment with many Windows and Linux VMs, I can pretty accurately state that Windows updates have caused far more critical problems than Linux ones over the past 2 or 3 years. Microsoft’s Patch QC has been AWFUL. (Print Nightmare fixes caused ongoing problems that are still breaking printing. You mentioned the EFI change, there’s also patching completely failing for machines that had too small a recovery partition. Fine if there was none, or it was large, but all updates fail after that if your machine has a partition that Windows itself silently created.) There’s literally dozens of major Windows update failures recently.
As you say, shit happens. Paying for something doesn’t make that any less.
I’m not. This is the toll one pays for getting absolutely free operating systems and programs without any real catch. No one to our knowledge is making money off of data collected by our use of the OS so if there are some bugs like that, I find it perfectly acceptable given the alternative where I pay a license to have windows installed on one computer and also get my data mined by Microsoft and my data sold to thousands of third parties.
Never mind the fact that paying for a license doesn’t guarantee it won’t break. In my experience, every Linux distro I’ve used has been much more solid than all Windows versions since Windows 8.
Upstream Fedora is pretty bad with troubleshooting.
I honestly think the traditional Fedora with dnf is bad. I tried it and it was a pain. But the packages are pretty nice.
The issue is: Fedora is a testing platform. Their kernels are fresh. Fedora Atomic is not a finished product (and also not marketed as such in any way).
uBlue literally uses unreleased quay OCI images of Fedora atomic. They are built, but not used. The official ones are not even signed.
Fedora is not a stable distro at all. So they should focus a lot on
- testing if the damn kernel boots on real hardware
- having easy and always accessible fallbacks
- having troubleshooting help everywhere
Also, as most problems are because
- outdated grub (fixed soon with F41 likely, only on atomic)
- too new kernel
- weird kernel module stuff
- rpmfusion sync issues
Many problems can be avoided by using a different Kernel!
Kwizart maintains the official LTS Kernel, built for Fedora, CentOS and RHEL
Replacing the kernel with this may be a solution for many problems
copr enable kwizart/kernel-longterm-6.6 rpm-ostree install kernel-longtermNot sure if then both are kept.
Did you experience the Silverblue issue on a ublue image? We mitigated that last month so you should only have one problem or the other, not both.
oh hey, you’re on here. Absolutely stoked to see a co-maintainer of my favorite linux is also on my favorite social media!
Thanks for the fantastic work on uBlue.
Yeah. I use Aurora on my laptop, but, to be fair, I don’t reboot it as often. Maybe every 2-4 weeks I guess.
I saw the announcement about the failing updates, tried to update my system, and that went as announced, failing to verify.
I then executed the script, updated my OS successfully and rebooted.The system worked fine now for a few days. Yesterday I shut off the device, and today I got greeted by the failed secure boot, having to resort to the image before and fix it.
On my gaming PC I use Bazzite, but I didn’t turn the PC on the last days. I only executed the update-fix-script, installed the pending updates, played for half an hour and then shut it off again.
I will keep you up to date with the results once I come home.
Btw, I asked my partner about her opinion on this. She said that problems like this may happen anywhere, no matter which software, and as long as the devs announce that and offer a simple fix, there’s nothing one can do about it.
She only suggested a small “news channel” built into the OS.
Do you think that might be possible to integrate, for example into the MOTD in the terminal? I don’t know if there are possible solutions out there.She only suggested a small “news channel” built into the OS.
Yeah we’re working on that here: https://github.com/ublue-os/bluefin/issues/1485
The failure with secure boot afterwards is news to me, we’ll investigate, thanks!
My takeaway was add https://universal-blue.discourse.group/tag/announcements.rss to my rss reader (already had fedora) and I’m happy I’ll know when I need to, still for those of us who support non-technical users on these platforms it is indeed problematic.
OTOH, this is the first time I’ve had non-nvidia (sleep broken on my desktop, just rolled back and held updating for a while, no big deal) update problems in two years, which is pretty outstanding for a new rolling distro, and gives me confidence in the architecture. Shit happens I guess, but it was quickly and publicly sorted, also trust building…
This should be done out of the box. The implementation depends on the desktop.
Which is why for quality assurance, at most 2 desktops should be supported and prioritized like that.
Yeah, it all still is more experimental than I’d hope. The whole reason I’m using Silverblue is low maintenance and less risk.
The plus side is that it didn’t render my system unusable - I could boot into the old version. But hopefully lessons will have been learned, and this will happen less often in the future.
I don’t see atomic systems on desktop computers. They make sense on more embedded and stable systems that still need eventual updates like ATMs and industrial machinery control panels but not desktops. Atomic systems kill customization that is one of the core advantages of Linux. Probably it also has something to do with my not-so-enthusiastic opinion on Flatpak idk.
No Atomic systems make all sense.
They are literally the reason why an unstable distro like Fedora is robust.
Customization is all done on the mutable areas, home partition etc. A new user profile equals a new vanilla desktop.
Yes, you cannot mess with the core architecture of the OS. Things need to be centralized.
But you realize, similar to GNOME removing theming, that if you have one way that everyone can test, you have way less bugs.
As a KDE user I would be really fine having way less customizability and more stability. I am very fine with the default in most cases.
A well designed system does not require customization, and to be an OS used by the world, Linux needs good defaults.
I agree that this is a very valid reason but I don’t think most of the people see their OS that way
Which is still irrelevant for OPs thread. It is actually the opposite. The more you diverge from upstream, the more you need to vendor your changes.
That means if your mums PC breaks, you are responsible ;)
This is not relevant to the topic about issues with the stability of atomic desktops
I’m always surprised by the toxicity of Lemmy. Anyways I think it was relevant to the topic because the OP asked for opinions on atomic systems. Are you arguing because you have a drastically different one?
No, I understand your points. I may think you need to specify what you mean by “customizable”. A lot of stuff users normally do, like theming, installing random stuff etc, works. You can layer, build your own image etc.
But this is not the point as OP was frustrated about having an OS that even though promising to be reliable still breaks.
And whining about “oh I cant tweak it” is just not at the correct place there.
But of course my answers were kinda harsh, sorry for that. But these issues are really nonissues if your priority is having a working system.
I agree that Fedora Atomic NEEDS a way to have GUI messages via an RSS feed arrive to all users by default.
KDE Plasma has an RSS widget by default I think. Will open a discussion about that.
Keep an eye on CentOS bootc
And the CentOS hyperscale SIG (Youtube presentation, newer update) is basically taking CentOS and backporting or just using tons of Fedora packages on there, for better performance.
I think they use the Fedora Kernel which would still be problematic, as the current 6.6 LTS kernel is still way newer than the 5.14 CentOS kernel (with tons of backports).
You are completely right, they’ve dropped the ball. Of course it’s open source, so the devs are not duty bound to keep the system running well. it’s just that my trust is shaken that I could just set up grandma’s computer with this and not need to maintain it…
These days even Apple and Microsoft struggle with testing their updates and pushing out updates that are not broken or system breaking. Maybe the grans of the world should just become more tech savvy. ;)
Then again if long term Fedora immutable systems only fail like this once every two years, then we are not really worse than needing to deal with Windows Rot.
on the flip side, Linux, the distros, the desktops are a lot more about community than anything Windows – and Linux projects are a lot more willing to admit they can’t operate in isolation – there’s constant interplay between the projects, the security teams, the kernel hackers, the language devs, the testers, and the users – and they communicate with each other through the blogs and mailing lists and IRC and toots and Fedi communities
I am. Cant boot after update because of secureboot stuff
I think the problem ist accepting that people don’t want to understand or be informed about a thing that their life depends on.
Everything gets more technical so there has to be a basic understanding how things work or else you are fucked in one way or the other.
If you walk on the streets you don’t have to know the max speed on a highway but you need to know how traffic lights work or you get run over.