When Root Meets Immutable: OpenBSD Chflags vs. Log Tampering

https://rsadowski.de/posts/2025/openbsd-immutable-system-logs/

When Root Meets Immutable: OpenBSD chflags vs. Log Tampering https://www.undeadly.org/cgi?action=article;sid=20250718072438 #openbsd #immutable #chflags #logs #logtampering #security #hacking

I restored Discover to my Bazzite install using a Systemd-Sysext. Essentially a sub disk image that is loaded during boot of the immutable system, that way you dont have to layer all the plasma components this would usually require!

Neat! No shade to the #bazaar devs

If people want instructions I guess I can write something up over the weekend

If you wanna chat about #immutable OS stuff in the context of #postmarketOS, join us!

Matrix: #immutable:postmarketos.org

IRC: (if there's demand maybe @fun can help me get it bridged to IRC )

Am I missing something, or when people talk about #immutable #atomic distros being the future, aren't they forgetting that these distros still need their parent mutable distro to exist?

Tuple instead of Lists in Python:
Use a tuple instead of a list in Python when you need an immutable, hash able, and faster collection of fixed items.
#PythonTips #PythonTuple #LearnPython #PythonDev #CodingTips #Immutable #PythonCode #DevLife #TupleVsLis

We're excited to share that MocaccinoOS is now listed on @distrowatch!

We're building an independent, immutable Linux distribution — no corporate backing, no upstream spin-off.
From the toolchain to the infrastructure, it’s all built and maintained by us.

Check it out and help spread the word!
#Linux #DistroWatch #FOSS #Immutable #Independent #MocaccinoOS

https://www.mocaccino.org/

Rocknix is an immutable Linux distribution for handheld gaming devices

https://rocknix.org/

Has anyone tried out the #ubuntuCore #desktop? This project feels like it is never going to be ready and never released for general use.

#Ubuntu #Immutable #AllSnap

https://cdimage.ubuntu.com/ubuntu-core-desktop/24/edge/20250604/

I just read https://lwn.net/Articles/1020571/ in which is

One thing that has been a bit of a pain point, Wick said, is that nested sandboxing does not work in Flatpak. For instance, an application cannot use Bubblewrap inside Flatpak. Many applications, such as web browsers, make heavy use of sandboxing.
.
They really like to put their tabs into their own sandboxes because it turns out that if one of those tabs is running some code that manages to exploit and break out of the process there, at least it's contained and doesn't spread to the rest of the browser.
.
What Flatpak does instead, currently, is to have a kind of side sandbox that applications can call to and spawn another Flatpak instance that can be restricted even further. ""So, in that sense, that is a solution to the problem, but it is also kind of fragile"." There have been issues with this approach for quite a while, he said, but no one knows quite how to solve them.

Notwithstanding the rise & rise of numerous #atomic / #immutable distros, which thus rely heavily on flatpak usage by users, i still substantially prefer "traditional" mutable distros, & native pkgs.

After reading this article, & attempting to understand it [not my area of expertise at all], i feel even more motivated to keep avoiding running any browser as a flatpak version.

Thoughts pls, from others who would certainly have a better understanding than i?

Question to the #fedora #immutable #silverblue #kinoite folks:

Since version 42 the root filesystem seems to be composefs. What would be the proper way to create a directory in this filesystem?

Asking for a nix systemd unit that now fails to create this, so there is no Nix store on my machine anymore... :-)

Manjaro Summit

Die semi-immutable Distribution mit atomaren Updates geht in den Alpha-Test.

#Manjaro #immutable #atomar #Linux

https://gnulinux.ch/manjaro-summit

Manjaro Summit als Alpha verfügbar
https://linuxnews.de/manjaro-summit-als-alpha-verfuegbar/ #manjaro #gnome #immutable #linux

For some reason Meshuggah remastered their latest album, which is, ironically, titled "Immutable". I guess that's easier than putting out an actual new album. They added some live songs at the end, because every studio album experience needs to be destroyed by having less-good versions of the same songs tacked onto the end.

I like a good live album, *sometimes*, but live tracks tacked onto studio albums is always a bad listening experience.

Immutable Cleared as SEC Drops Crypto Token Investigation - The U.S. Securities and Exchange Commission (SEC) dropped its investigation into W... - https://news.bitcoin.com/immutable-cleared-as-sec-drops-crypto-token-investigation/ #regulation #immutable #web3

SEC Drops Investigation into Web3 Gaming Firm Immutable - The U.S. Securities and Exchange Commission (SEC) has dropped its investigation into Web3... - https://www.coindesk.com/policy/2025/03/25/sec-drops-investigation-into-web3-gaming-firm-immutable #immutable #policy #sec

I am thinking about #immutable data backups. No software solutions that malware or ransomware can get around. Something old school with a physical lock on it, think the tab on a casset, or switch on a 2.5' floppy.

Is the only equivelent in the modern day the large format SD (SDXC) card? What other options exist out there for home use?

"Machines that are SSHed into are marked as dirty and reprovisioned within 24 hours" #Sysadmin #Immutable #ButNotQuite

Hello from Ultramarine on bootc!

(Ultramarine Atomic GNOME 41, development build) #tech #fedora #bootc #atomic #immutable #immutablelinux #ultramarine #ultramarinelinux #foss #linux