Don’t get me wrong. I absolutely love Fedora Atomic (Silverblue, Bazzite, Kinoite, Aurora, IOT, etc.), more than any other distro I used, and I plant to continue using it.
It never made any problems on any of my devices, and because it is pretty much indestructible and self-managing, I even planned to install it on my Mum’s new laptop, in case her current one (basically a toaster with Mint on it) breaks.
But with the last days, my trust is damaged quite a bit.
First one, where I couldn’t update anymore on uBlue, because of faulty key pairs. This is a huge thing for me because uBlue updates in the background, and if I wouldn’t have read it here on Lemmy, I would have found out way too late, which is a security risk imo.
And now, my devices weren’t able to boot anymore due to some secure boot stuff.
Again, if I wouldn’t have subscribed the Fedoramagazine, I would have noticed it way too late.
I was able to just boot into an older image and just paste a few commands from the magazine’s post, and it was resolved in just seconds (download time not included).
Both instances were only a minor thing for ME.
But both would have been a headache if I wouldn’t follow those blogs, which is a thing only nerds (like myself) do.
Nobody else cares about their OS, it is supposed to just work, hence why I use Atomic.
I don’t wanna blame the devs (both j0rge/ uBlue and the Fedora team), they were very quick, transparent and offered very simple fixes.
And, being able to just boot into an older image, just in case, is something I am very thankful for, but nothing I want to depend on.
Having to be informed about stuff like this and then having to use the CLI is just a no-go for most people.
Am I over-reacting about this too much? What’s your view on those things?
They owned up to it, and immediately dealt with the issue.
It’s open source, free, and run by volunteers who bust their asses to make these releases happen. I wouldn’t worry too much about it if it’s been working the other 99% of the time for you, and this one issue has you on the fence about it…
I agree, mistakes and vulnerabilites happen in all software commercial and open. Now I can only speak for RetroDECK but, we also make mistakes and need to do minor patches to fix those.
I think Jorge and the team handled it as you should: Be transparent, inform on all channels they can and learn from your mistakes.
Me personally have full confidence in them.
Those that try to hide or shift blame of mistakes are a bigger red flag in my book.
No, that’s not at all true.
Red Hat owns the Fedora brand, sponsors the project financially, technically, and with some infrastructure, but does not own the project, nor pay everyone involved. Aside from a project lead here or there, it’s all community run. Literally anyone can contribute or volunteer.
If Red Hat were to stop officially supporting Fedora tomorrow, can you guarantee the project will still survive?
Can Android/AOSP survive if Alphabet were to give up on it tomorrow?
Fedora is Fedora and uBlue is uBlue, a separate project. Blaming Fedora for uBlue issues is like blaming Ubuntu for Mint issues.
And on Silverblue issues on updated happen from time to time. On immutable distros such issues won’t break the system unrecoverable, this is the whole reason for immutables, but there are no promises for lacking of issues.
And you are disappointed because you have encountered two different issues at once. But it is a purely random event, and I have not noticed any changes in frequency.
But saying about Silverblue, I think probably it doesn’t get much attention from the Fedora project lately, because few recent releases didn’t have any improvements either.
The beauty of Fedora Atomic is that anyone effected by the recent update (including me) could simply rollback to the previous image and boot as normal in order to troubleshoot. This is exactly why nearly all of my devices are running Silverblue or Kinoite now.
I think it’s worth mentioning that significant bugs happen across all major OS platforms.
Recently, Microsoft pushed a patch requiring effected users to manually resize their EFI recovery partition. Shortly after that, it was announced that all Apple Silicon Macs suffered from an unpatchable vulnerability which can defeat encryption. These are just a couple of examples from recent memory…there are many others.
To truly avoid serious software vulnerabilities or bugs is to avoid software entirely. Operating systems are highly complex, multilayered software, and shit happens.
As someone who works in an environment with many Windows and Linux VMs, I can pretty accurately state that Windows updates have caused far more critical problems than Linux ones over the past 2 or 3 years. Microsoft’s Patch QC has been AWFUL. (Print Nightmare fixes caused ongoing problems that are still breaking printing. You mentioned the EFI change, there’s also patching completely failing for machines that had too small a recovery partition. Fine if there was none, or it was large, but all updates fail after that if your machine has a partition that Windows itself silently created.) There’s literally dozens of major Windows update failures recently.
As you say, shit happens. Paying for something doesn’t make that any less.
I’m not. This is the toll one pays for getting absolutely free operating systems and programs without any real catch. No one to our knowledge is making money off of data collected by our use of the OS so if there are some bugs like that, I find it perfectly acceptable given the alternative where I pay a license to have windows installed on one computer and also get my data mined by Microsoft and my data sold to thousands of third parties.
Did you experience the Silverblue issue on a ublue image? We mitigated that last month so you should only have one problem or the other, not both.
Yeah. I use Aurora on my laptop, but, to be fair, I don’t reboot it as often. Maybe every 2-4 weeks I guess.
I saw the announcement about the failing updates, tried to update my system, and that went as announced, failing to verify.
I then executed the script, updated my OS successfully and rebooted.
The system worked fine now for a few days. Yesterday I shut off the device, and today I got greeted by the failed secure boot, having to resort to the image before and fix it.
On my gaming PC I use Bazzite, but I didn’t turn the PC on the last days. I only executed the update-fix-script, installed the pending updates, played for half an hour and then shut it off again.
I will keep you up to date with the results once I come home.
Btw, I asked my partner about her opinion on this. She said that problems like this may happen anywhere, no matter which software, and as long as the devs announce that and offer a simple fix, there’s nothing one can do about it.
She only suggested a small “news channel” built into the OS.
Do you think that might be possible to integrate, for example into the MOTD in the terminal? I don’t know if there are possible solutions out there.
She only suggested a small “news channel” built into the OS.
Yeah we’re working on that here: https://github.com/ublue-os/bluefin/issues/1485
The failure with secure boot afterwards is news to me, we’ll investigate, thanks!