Don’t get me wrong. I absolutely love Fedora Atomic (Silverblue, Bazzite, Kinoite, Aurora, IOT, etc.), more than any other distro I used, and I plant to continue using it.
It never made any problems on any of my devices, and because it is pretty much indestructible and self-managing, I even planned to install it on my Mum’s new laptop, in case her current one (basically a toaster with Mint on it) breaks.
But with the last days, my trust is damaged quite a bit.
First one, where I couldn’t update anymore on uBlue, because of faulty key pairs. This is a huge thing for me because uBlue updates in the background, and if I wouldn’t have read it here on Lemmy, I would have found out way too late, which is a security risk imo.
And now, my devices weren’t able to boot anymore due to some secure boot stuff.
Again, if I wouldn’t have subscribed the Fedoramagazine, I would have noticed it way too late.
I was able to just boot into an older image and just paste a few commands from the magazine’s post, and it was resolved in just seconds (download time not included).
Both instances were only a minor thing for ME.
But both would have been a headache if I wouldn’t follow those blogs, which is a thing only nerds (like myself) do.
Nobody else cares about their OS, it is supposed to just work, hence why I use Atomic.
I don’t wanna blame the devs (both j0rge/ uBlue and the Fedora team), they were very quick, transparent and offered very simple fixes.
And, being able to just boot into an older image, just in case, is something I am very thankful for, but nothing I want to depend on.
Having to be informed about stuff like this and then having to use the CLI is just a no-go for most people.
Am I over-reacting about this too much? What’s your view on those things?
They owned up to it, and immediately dealt with the issue.
It’s open source, free, and run by volunteers who bust their asses to make these releases happen. I wouldn’t worry too much about it if it’s been working the other 99% of the time for you, and this one issue has you on the fence about it…
I agree, mistakes and vulnerabilites happen in all software commercial and open. Now I can only speak for RetroDECK but, we also make mistakes and need to do minor patches to fix those.
I think Jorge and the team handled it as you should: Be transparent, inform on all channels they can and learn from your mistakes.
Me personally have full confidence in them.
Those that try to hide or shift blame of mistakes are a bigger red flag in my book.
What we need is a popup IN THE OS that tells users how to troubleshoot.
Separate from the OS core, updatable individually, like an RSS feed with persistent popups using KDialog etc.
Those that try to hide or shift blame of mistakes are a bigger red flag in my book.
People, please; look at this.
It’s inevitable that mistakes will happen.
Exactly. These kind of things happen from time to time; hell even big corpo OSes mess up. They said they’d taken time to fix their process to prevent this problem happening again.
If it becomes a pattern I’d become concerned. So far, it was inconvenient.
CLIphobia is a new one to me.
A lot of people on here are new to the ecosystem 🤷
Some of us also are just tired of administering the system and just want to use some applications.
Fedora is run by RedHat/IBM employees but OK
No, that’s not at all true.
Red Hat owns the Fedora brand, sponsors the project financially, technically, and with some infrastructure, but does not own the project, nor pay everyone involved. Aside from a project lead here or there, it’s all community run. Literally anyone can contribute or volunteer.
If Red Hat were to stop officially supporting Fedora tomorrow, can you guarantee the project will still survive?
Can Android/AOSP survive if Alphabet were to give up on it tomorrow?
Sorry to be rude, but can’t you just go read the docs to understand this?
Fedora is a fork of Red Hat, the same way Ubuntu is a fork of debian. Yes, it is now singular to being its own thing. It is also not corporate controlled.
Fedora is a fork of Red Hat, the same way Ubuntu is a fork of debian.
I think you’ve got your ordering and terms a bit confused, there. There’s no forking as such going on in the EL ecosystem.
To explain it as simply as I can, as there are quite a few people mixing this up in here.
Fedora is *upstream *of Red Hat (Or RedHat Enterprise Linux (RHEL) to be exact - Redhat is a company owned by IBM that does a bunch of stuff, not just RHEL).
Fedora feeds into CentOS Stream (Essentially a staging area for RHEL). This has no relation to CentOS Linux, which is dead.
RHEL is then built from CS at point releases and sold commercially through licencing.
There are distros such as Rocky, Alma, Oracle Enterprise Linux and possibly some smaller ones that strive to be near exact clones of RHEL (Rocky claims bug-for-bug compatibility, Alma doesn’t any more as they build in a different way) - these follow RHEL’s point releases, and might be considered a poor and loose definition of forking, but rebuilding is a more accurate term.
All these distros are under the blanket term of “Enterprise Linux” because it’s shaped around RHEL, even though most are free. Historically this worked well, as people learned Enterprise skills using Fedora and Centos Linux which turned into careers (including for me). Then Redhat went a bit mad and that all changed.
The only similarity to Debian/Ubuntu is that Ubuntu uses Debian as a base, and builds upon it. Like RHEL, it adds commercially licenced bits to its distro and rebuilds other parts into something unique, and like RHEL, Rocky, Alma and OEL do with Fedora, it feeds back improvements and development into Debian.
You’re just a coward to admit you were wrong?
Says the person with a “Twitter verified badge” as profile pic LOL.
What has this to do with ANYTHING I wrote?
Fedora is Fedora and uBlue is uBlue, a separate project. Blaming Fedora for uBlue issues is like blaming Ubuntu for Mint issues.
And on Silverblue issues on updated happen from time to time. On immutable distros such issues won’t break the system unrecoverable, this is the whole reason for immutables, but there are no promises for lacking of issues.
And you are disappointed because you have encountered two different issues at once. But it is a purely random event, and I have not noticed any changes in frequency.
But saying about Silverblue, I think probably it doesn’t get much attention from the Fedora project lately, because few recent releases didn’t have any improvements either.
The beauty of Fedora Atomic is that anyone effected by the recent update (including me) could simply rollback to the previous image and boot as normal in order to troubleshoot. This is exactly why nearly all of my devices are running Silverblue or Kinoite now.
I think it’s worth mentioning that significant bugs happen across all major OS platforms.
Recently, Microsoft pushed a patch requiring effected users to manually resize their EFI recovery partition. Shortly after that, it was announced that all Apple Silicon Macs suffered from an unpatchable vulnerability which can defeat encryption. These are just a couple of examples from recent memory…there are many others.
To truly avoid serious software vulnerabilities or bugs is to avoid software entirely. Operating systems are highly complex, multilayered software, and shit happens.
As someone who works in an environment with many Windows and Linux VMs, I can pretty accurately state that Windows updates have caused far more critical problems than Linux ones over the past 2 or 3 years. Microsoft’s Patch QC has been AWFUL. (Print Nightmare fixes caused ongoing problems that are still breaking printing. You mentioned the EFI change, there’s also patching completely failing for machines that had too small a recovery partition. Fine if there was none, or it was large, but all updates fail after that if your machine has a partition that Windows itself silently created.) There’s literally dozens of major Windows update failures recently.
As you say, shit happens. Paying for something doesn’t make that any less.
I’m not. This is the toll one pays for getting absolutely free operating systems and programs without any real catch. No one to our knowledge is making money off of data collected by our use of the OS so if there are some bugs like that, I find it perfectly acceptable given the alternative where I pay a license to have windows installed on one computer and also get my data mined by Microsoft and my data sold to thousands of third parties.
Never mind the fact that paying for a license doesn’t guarantee it won’t break. In my experience, every Linux distro I’ve used has been much more solid than all Windows versions since Windows 8.
Did you experience the Silverblue issue on a ublue image? We mitigated that last month so you should only have one problem or the other, not both.
Yeah. I use Aurora on my laptop, but, to be fair, I don’t reboot it as often. Maybe every 2-4 weeks I guess.
I saw the announcement about the failing updates, tried to update my system, and that went as announced, failing to verify.
I then executed the script, updated my OS successfully and rebooted.The system worked fine now for a few days. Yesterday I shut off the device, and today I got greeted by the failed secure boot, having to resort to the image before and fix it.
On my gaming PC I use Bazzite, but I didn’t turn the PC on the last days. I only executed the update-fix-script, installed the pending updates, played for half an hour and then shut it off again.
I will keep you up to date with the results once I come home.
Btw, I asked my partner about her opinion on this. She said that problems like this may happen anywhere, no matter which software, and as long as the devs announce that and offer a simple fix, there’s nothing one can do about it.
She only suggested a small “news channel” built into the OS.
Do you think that might be possible to integrate, for example into the MOTD in the terminal? I don’t know if there are possible solutions out there.She only suggested a small “news channel” built into the OS.
Yeah we’re working on that here: https://github.com/ublue-os/bluefin/issues/1485
The failure with secure boot afterwards is news to me, we’ll investigate, thanks!
oh hey, you’re on here. Absolutely stoked to see a co-maintainer of my favorite linux is also on my favorite social media!
Thanks for the fantastic work on uBlue.
Upstream Fedora is pretty bad with troubleshooting.
I honestly think the traditional Fedora with dnf is bad. I tried it and it was a pain. But the packages are pretty nice.
The issue is: Fedora is a testing platform. Their kernels are fresh. Fedora Atomic is not a finished product (and also not marketed as such in any way).
uBlue literally uses unreleased quay OCI images of Fedora atomic. They are built, but not used. The official ones are not even signed.
Fedora is not a stable distro at all. So they should focus a lot on
- testing if the damn kernel boots on real hardware
- having easy and always accessible fallbacks
- having troubleshooting help everywhere
Also, as most problems are because
- outdated grub (fixed soon with F41 likely, only on atomic)
- too new kernel
- weird kernel module stuff
- rpmfusion sync issues
Many problems can be avoided by using a different Kernel!
Kwizart maintains the official LTS Kernel, built for Fedora, CentOS and RHEL
Replacing the kernel with this may be a solution for many problems
copr enable kwizart/kernel-longterm-6.6 rpm-ostree install kernel-longterm
Not sure if then both are kept.
My takeaway was add https://universal-blue.discourse.group/tag/announcements.rss to my rss reader (already had fedora) and I’m happy I’ll know when I need to, still for those of us who support non-technical users on these platforms it is indeed problematic.
OTOH, this is the first time I’ve had non-nvidia (sleep broken on my desktop, just rolled back and held updating for a while, no big deal) update problems in two years, which is pretty outstanding for a new rolling distro, and gives me confidence in the architecture. Shit happens I guess, but it was quickly and publicly sorted, also trust building…
This should be done out of the box. The implementation depends on the desktop.
Which is why for quality assurance, at most 2 desktops should be supported and prioritized like that.
I agree that Fedora Atomic NEEDS a way to have GUI messages via an RSS feed arrive to all users by default.
KDE Plasma has an RSS widget by default I think. Will open a discussion about that.
Yeah, it all still is more experimental than I’d hope. The whole reason I’m using Silverblue is low maintenance and less risk.
The plus side is that it didn’t render my system unusable - I could boot into the old version. But hopefully lessons will have been learned, and this will happen less often in the future.
Keep an eye on CentOS bootc
And the CentOS hyperscale SIG (Youtube presentation, newer update) is basically taking CentOS and backporting or just using tons of Fedora packages on there, for better performance.
I think they use the Fedora Kernel which would still be problematic, as the current 6.6 LTS kernel is still way newer than the 5.14 CentOS kernel (with tons of backports).
Or, be like me, and use secureblue (or any other community image) and don’t experience any of these issues.
I think the problem ist accepting that people don’t want to understand or be informed about a thing that their life depends on.
Everything gets more technical so there has to be a basic understanding how things work or else you are fucked in one way or the other.
If you walk on the streets you don’t have to know the max speed on a highway but you need to know how traffic lights work or you get run over.
You are completely right, they’ve dropped the ball. Of course it’s open source, so the devs are not duty bound to keep the system running well. it’s just that my trust is shaken that I could just set up grandma’s computer with this and not need to maintain it…
These days even Apple and Microsoft struggle with testing their updates and pushing out updates that are not broken or system breaking. Maybe the grans of the world should just become more tech savvy. ;)
Then again if long term Fedora immutable systems only fail like this once every two years, then we are not really worse than needing to deal with Windows Rot.
I am. Cant boot after update because of secureboot stuff
I don’t see atomic systems on desktop computers. They make sense on more embedded and stable systems that still need eventual updates like ATMs and industrial machinery control panels but not desktops. Atomic systems kill customization that is one of the core advantages of Linux. Probably it also has something to do with my not-so-enthusiastic opinion on Flatpak idk.
No Atomic systems make all sense.
They are literally the reason why an unstable distro like Fedora is robust.
Customization is all done on the mutable areas, home partition etc. A new user profile equals a new vanilla desktop.
Yes, you cannot mess with the core architecture of the OS. Things need to be centralized.
But you realize, similar to GNOME removing theming, that if you have one way that everyone can test, you have way less bugs.
As a KDE user I would be really fine having way less customizability and more stability. I am very fine with the default in most cases.
A well designed system does not require customization, and to be an OS used by the world, Linux needs good defaults.
I agree that this is a very valid reason but I don’t think most of the people see their OS that way
Which is still irrelevant for OPs thread. It is actually the opposite. The more you diverge from upstream, the more you need to vendor your changes.
That means if your mums PC breaks, you are responsible ;)
This is not relevant to the topic about issues with the stability of atomic desktops
I’m always surprised by the toxicity of Lemmy. Anyways I think it was relevant to the topic because the OP asked for opinions on atomic systems. Are you arguing because you have a drastically different one?
No, I understand your points. I may think you need to specify what you mean by “customizable”. A lot of stuff users normally do, like theming, installing random stuff etc, works. You can layer, build your own image etc.
But this is not the point as OP was frustrated about having an OS that even though promising to be reliable still breaks.
And whining about “oh I cant tweak it” is just not at the correct place there.
But of course my answers were kinda harsh, sorry for that. But these issues are really nonissues if your priority is having a working system.