Setting yourself up for success before trying Fedora Silverblue

I went on the Linux Downtime podcast to talk about this, consider it the audio version of this post.

TLDR: Fedora Silverblue is a variant of Fedora, however there seems to be confusion on exactly what the day-to-day differences are. In this post I hope to go over some of the ways that you can set yourself up for success, set realistic expectations, and then try it. And hopefully save yourself some time.

Before we start, I maintain a list of awesome immutable links that you should check out, and don't forget to check out the distro documentation for either Fedora or OpenSUSE's microOS if that's your flavor.

A normal GNOME desktop, Fedora host, with Arch and Ubuntu toolboxes. S-tier combo.

Recognizing the Model Shift

OSes like Silverblue are a shift from how people traditionally use "Linux desktops". If you think you're going to shift to Silverblue and just use it like you use Linux today then you're going to have a bad time. This is a a paradigm shift, you will need to change some things, and learn new things. If you're patient and recognize the reasons for changing how you operate your computer you'll have a better understanding of why things are.

If you're a new user and don't have any habits to break, then this might be a good starting point – however this technology is fast moving, those of us who have been using Linux for years are only now just starting to realize the potential here, and in most cases you're better off with the mountains of documentation for the more traditional methods.

It's still just a Linux Distro

Just about everything I do on Silverblue is the same as I would do on normal Fedora, the differences are small in the grand scheme of things, but those small changes are totally alien compared to the old way of doing things. Lots of the criticism around this style of OS is around the "limitations", however I see them more as seatbelts.

Before F1 implemented the Halo a loud group of people thought "it was ugly" and took away from the sport. Alonso, Grosjean, and Hamilton all escaped serious injury and now we can't imagine drivers being subjected to that level of risk. BTW, we're still at the "the halo is ugly" phase, but that's only because we've normalized blaming users for not being sysadmins.

The Old Model vs. The New Model

You're probably familiar with the old model. You have a distro, try to package the universe, and whatever can't go in goes into third party repos. I now firmly believe this model no longer works for desktop/client. The entire modern world was built on mutable distributions, but those are maintained by professionals. So no, your CentOS, LTS, or whatever isn't going away, and I'm not saying it should.

The old model has been adapted to give people what they want, but it was never designed to handle the needs of what desktop users need in 2021. The entire idea revolves around you upgrading your entire operating sytem every X years and all the software comes along with it. But then things like GitHub came around and the amount of software exploded seemingly overnight, the model stopped working reliably.

The old model was adapted. PPAs were invented and external repos were now delivering end user apps, leading to conflicting dependency issues. Your distro could individually update packages, but it's expensive. As in, you need a fulltime engineer who's entire job is "backporting Firefox". There's no way that has scaled. It became common for people to just think it's fine to add entire external repositories for things like Slack, Zoom, and Discord. To make things worse everyone just kind of conveniently swept the fact that you're giving these organizations root on your computer!

The new model is a slim, core operating system so that it can be maintained easier, smaller attack surface, immutable parts of the filesystem, and all of the benefits that you've read about. It can (and should!) retain the same lifecycle as the old model. Since it doesn't come with the universe we can reduce QA load and concentrate on the important pieces. We are kicking the end user applications out of this part of the OS, they will live in another layer now.

The apps are then decoupled from the base OS, which means we can now isolate those. And since they no longer have system level access except through well-understood interfaces, I am now fine with Slack, Zoom, and Discord upgrading at their own rate, they no longer have the permissions to affect my system. No more having to upgrade off an LTS because I need a new feature in LibreOffice.

Remember, application packaging still happens, it just happens at another layer. This work is in-progress, and depending on your use case, could be a deal breaker, so let's see if this is for you.

Prep Work

Here's a great way to see if this is for you. Take whatever distro you have, and then flip the model on yourself voluntarily. Flatpaks can run on any distro, install them for applications you use, and see what limitations you run into.

If you're already on Fedora you can just start using toolbox and flatpaks. If you want to turn your Ubuntu into a much more reliable experience, after a clean install turn off universe and multiverse and use Flatpaks instead (or snaps, they're decoupled too). Don't even think about touching/etc/apt/sources.list and /etc/apt/sources.list.d. If you don't have the discipline learn about chattr +i. (I'm only being half serious on that one). I can already hear the gnashing of teeth, but it will be way more reliable, especially on upgrades. Set up distrobox or LXC to get the debs that you need and learn to throw away containers instead of installing things on your host. And don't worry, 22.04 will include podman and toolbox, which means that even if you decide to not move to the new model entirely that you can still get all the workflow features.

However you do it, learn to be comfortable in the new model, without leaving the comfort of the old one. And THEN when you decide to try Silverblue you'll be a bit more comfortable and not generating anxiety for yourself.

Recognizing the old habits

If you try to bring the belief system from the old world to the new, sometimes this can lead to conflict. If you read the internet you might see some of the common complaints about systems like this.

When I decided to try this I went full conversion, I did the research for about 3 months before I decided to format the world. There is now only one mutable OS in my entire life, my Ubuntu 20.04 NAS. (Gotta have ZFS). Everything else server related is Flatcar Linux, but that is a story for another day.

Now that I've been dogfooding Silverblue-only for 6 months. I'd like to address the concerns people have with my own interpretation. I too had these concerns but have changed my mind on most of them, and as Marco would say, adamently so. :ironic_smiley:

Doing everything in containers is annoying. It is at first, but as someone who has lived through the immense productivity gains on the cloud side of the house and watched distro developers move to this model it is worth it. We all started with ugh this is so annoying why do this to "I can't believe I wasted all this time not doing it this way." It might not be for you, but give it a fair shake.

There are warts here, especially around IDEs like vscode. There is work being done that makes this more convenient, but that can be a hard blocker depending on what you do. I compromise here and layer vscode and it's installed system-wide, not ideal but it unblocks me and it's not any worse to what you're probably doing today and we don't want perfect to be the enemy of good.  

If you're a developer and have never moved to a container workflow, then you're in for a treat, and I mean that in a positive way. You probably know someone who works this way already, ask them, and then try it for yourself!

I can't install extensions! It'd be great if the GNOME Extensions app handled this. Gnome Software has done so in the past (at least it did on Clear Linux). I was fine with this before, but allowing a website to install scripts to alter the behavior of my desktop in 2021 is going to be a hard pass for me dawg. I use the gnome-extensions CLI tool to crutch myself past this.  EDIT: Someone has pointed out that by default you won't have this problem in Fedora unless you remove the distro Firefox via an overlay, which I do because I prefer to install the firefox/ffmpeg flatpak combo instead of adding RPMFusion. YMMV. Another Update: Check out extension-manager.

What I want isn't in a flatpak! This is why I wrote the try-it-first section, you can save yourself a bunch of hassle by trying it first before committing. For me it was when flatpak 1.12 landed and most of the limitations with Steam went away. And even though they're in beta having Chrome/Edge/Brave available has removed a blocker for lots of people. But that's changing every day and as more software lands in there it'll get better. Random .deb that only works on 16.04 or CentOS 4 or whatever can go in a toolbox.

I can't add a new disk to Steam, this is taking away my freedom! In this new world we don't want applications just being able to do what they want, do what you gotta do but ask me first. Typing in flatpak override --filesystem=/var/home/jorge/steam com.valvesoftware.Steam isn't awesome. The real solution is when you click on the Add Library button in Steam a GUI popup should just ask you if you're cool with that. Again, this is just something that isn't finished yet, you're still better off this way once you get past the papercut because in a few years we'll wonder why we ever let Steam (or any other application) just be able to have access to my disk without asking.  

Rebooting Sucks. Yeah, it does. However I found that this also was less annoying in practice than it was when I first heard it. I've learned to just shutdown my work PC on Fridays and the personal machines when I'm not using them.

My favorite desktop is missing. You're correct, right now your choices are GNOME and KDE. Not alot of variety here, you can't just move to this model, there's low level distro work that needs to happen, so naturally the larger projects will end up here first. However people are smart and it's all OSS, it's only a matter of time.

You're throwing away all the value of the distro, app developers don't know how to package! If you're using a linux desktop professionally, like for work, there are very few of us who can actually use only-distro packages. People need Teams, Slack, Zoom, Chrome, Edge, etc. and all sorts of stuff. Your distro maintainer is not reviewing these packages.

Next time you install one of these take a look inside, you're not going to like what you see, it's all just bundled copies of stuff that your distro provides. They're going to do this anyway so you know what, fine, you just don't get root on my machine anymore I'm going to box you off from the rest of my system.

Tying it all together

In conclusion, some of these things might be a deal breaker for you. However, you'd be surprised how much complexity you can remove from your life. Wait what did I just say? Yeah, once I got past the hump I've actually simplified it all. I had to learn new things, but having the reliability of ChromeOS with the flexibility and power of Fedora and the ubiquiti of Ubuntu packages via toolbox is really nice, if you're a distro nerd you should try it.  

Here's a funny benefit I learned that I wasn't expecting to: I am able to help other people way more efficiently, AND more correctly.  Now instead of trying to walk through someone unbricking their entire machine because they added a Python PPA, I can quickly fire up the container (within seconds) add the PPA myself, and totally dive in and use my knowledge to help the person get what they need.

I'm fixing a problem that would have been gnarly to fix, except now I have no fear because when I am done I throw it away, I don't have to undo a mess because I've got that clean seperation.

We have been here before...

And even if they don't end up moving to this right away, they will leave with the lesson that even if they keep their old distro that doing the work in a container would have saved them from a bricked laptop.

But we all know that the real lesson is that the system Python should be immutable, and that's a great Halo to protect ourselves with.

When I learned to Linux, it was common for you to just go to your PC, and then log in as root, right in the GUI. Many of the same arguments you hear from people who think normal desktop Linux is "fine the way it is" are the same arguments we heard back then when distros finally fixed this. "You should know what you're doing." "This is a powerful tool not a toy" "If you accidentally delete something important then it's your own damn fault" and so on.

Looking back many years later can you imagine normal people using systems like that? Can you imagine going to a conference and having the presenter hook up their laptop to present while logged in as root? They'd be laughed out of the room. I think it's time for us to think longer term, dive in and help out, and iron out the bugs. Feel free to reach out to me on Twitter with questions and I'll do my best to help out.

Show Comments