
3 Immutable Operating Systems: Bottlerocket, Flatcar and Talos Linux

Saturday 26th of March 2022
OS
Linux

For those who don’t know, immutable operating systems have been increasing in popularity recently. An immutable operating system is one in which some or all of the operating system's file systems are read-only and cannot be changed.

Immutable operating systems have a lot of advantages. They are inherently more secure, because many attacks and exploits depend on writing or changing files. Also, even if an exploit is found, bad actors cannot change the operating system on disk (which in itself will thwart attacks that depend on writing to the filesystem), so a reboot will clear any memory-resident malware and recover back to a non-exploited state.

Immutable systems are also easier to manage and update: the operating system images are not patched or updated but replaced atomically (in one operation that is guaranteed to fully complete or fully fail — no partial upgrades!).

Immutable systems can also claim to be more stable than traditional operating systems, simply by virtue of eliminating many of the vectors that introduce instability into a system — most of which are human. No sysadmins can “just change this one setting to fix things” — with unforeseen impacts that aren’t found until hours later. (I’ve been that sysadmin.) No partially complete Terraform or Puppet runs that leave systems in odd states…

On the workstation side, there are approaches to immutable OSes such as rpm-ostree. This attempts to create immutability and image-based deployments in the operating system, but layers a flexible file system architecture on top, so that packages can still be managed and updated by RPM.

On the server side, there is a spectrum of immutability amongst container-specific operating systems. All support image-based OS updates, and none ships a package manager. Some operating systems, such as Flatcar Linux, make /usr read-only but allow common runtime modifications such as dynamically loading kernel modules and overriding systemd configurations.

Games: Steam Deck and Wine 7.5

  • 1700 Games On The Steam Deck, with Valkyria Chronicles 4 as Verified - Boiling Steam

    There are now more than 1700 games working on the Steam Deck (1703 at the time of writing) in two categories as usual: Steam Deck Verified: 912 titles; Steam Deck Playable: 791 titles; Total: 1703 titles.

  • The Publisher with the Best Steam Deck Support - Boiling Steam

    So tracking the number of games over time making it on the Steam Deck is fun and all, but let’s check this time what’s the situation with publishers when it comes to Steam Deck Support: namely which publisher has the most games Steam Deck Verified at this stage? And the answer is…

  • Looks like Valve are adding a feedback system for Steam Deck Verified (update: it's live) | GamingOnLinux

    UPDATE: shortly after, Valve officially announced this new system and it's live now. Valve confirmed they can already grab data on things like crashes but this new opt-in system is to gather more info on the "overall experience". They also said the "data collected by this system won't directly change the Deck compatibility category for a title". So they're not crowdsourcing the compatibility process but checking to see if their process is working well or not.

  • Wine 7.5 is out now with initial OCSP protocol support | GamingOnLinux

    Wine is the compatibility layer that allows you to run games and applications developed for Windows - on Linux (plus also macOS and BSD). A new development release is out with Wine 7.5. It's a major part of what makes up Steam Play Proton and enables a ton of games to work on the Steam Deck. Once a year or so, a new stable release is made.

Security Leftovers

Happy 10th Birthday to the Open Source Robotics Foundation

Ten years ago this week (more or less), the Open Source Robotics Foundation announced that it was spinning out of Willow Garage as a more permanent home for the Robot Operating System. We covered this news at the time (which makes yours truly feel not quite so young anymore), but it wasn’t entirely clear just what would happen to OSRF long term. Obviously, things have gone well over the last decade, not just for OSRF, but also for Gazebo, ROS, and the ROS community as a whole. OSRF is now officially Open Robotics, but that hasn’t stopped all sane people from continuing to call it OSRF anyway, because five syllables is just ridiculous. Meanwhile, ROS has been successful enough that it’s getting increasingly difficult to find alliterative turtle names to mark new releases. To celebrate this milestone, we asked some of the original OSRF folks some awkward questions, including what it is about ROS or ROS users that scares them the most.

today's howtos

  • How to Install Snipe-IT Asset Management Tool on Ubuntu 22.04 – VITUX

    In order to track the ownership, deployment process, and details of all servers, a powerful IT asset manager is required. This can be achieved by installing and using Snipe-IT, an open-source IT asset management tool. In this article, we will discuss the installation of Snipe-IT on an Ubuntu 22.04 server.

  • How to Install Kernel 5.13 in Ubuntu 18.04 from the 20.04 Repository | UbuntuHandbook

    For those sticking to the old Ubuntu 18.04 but needing a higher Linux kernel version for specific hardware support, here’s how to install Linux Kernel 5.13 from the Ubuntu 20.04 repository. NOTE: Ubuntu 20.04’s kernel package does install and seems to run well in Ubuntu 18.04. But I’m not sure if it will cause compatibility issues. Install it ONLY if you require it, and use it at your own risk!!

  • How To Install Drupal on Fedora 35 - idroot

    In this tutorial, we will show you how to install Drupal on Fedora 35. For those of you who didn’t know, Drupal is an open-source, flexible, highly scalable, and secure Content Management System (CMS) that allows users to easily build and create websites. It is written in the PHP programming language and uses MySQL/MariaDB as a backend database. Drupal is available with thousands of add-ons, which makes it highly customizable. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of the Drupal content management system (CMS) on Fedora 35.

  • Enable/Disable Auto Update & Upgrade in Unattended Upgrades on Ubuntu - TREND OCEANS

    Unattended Upgrades software helps us auto-update and upgrade system packages in the background without user interaction to keep up to date with the latest features and security patches. This feature can be handy for securing your system against the latest security issues, and Ubuntu even provides it out of the box with its latest ISO. Unexpected background updates can be irritating for regular Linux users. At the time of a background update, if you try to install any package or attempt to execute the apt command, you will get an error similar to the one shown below.

  • Configure SSSD for LDAP Authentication on Ubuntu 22.04 - kifarunix.com

    This guide will take you through how to install and configure SSSD for LDAP authentication on Ubuntu 22.04. SSSD (System Security Services Daemon) is a system service to access remote directories and authentication mechanisms such as an LDAP directory, an Identity Management (IdM) or Active Directory (AD) domain, or a Kerberos realm.

