Vanilla OS Offers a New Take on Security for the Linux Desktop – Slashdot

OS News cheers the first official release of Vanilla OS, calling it “an immutable desktop Linux distribution that brings some interesting new technologies to the table, such as the Apx package manager.”

From the official release announcement:

“By default, Apx provides a container based on your Linux distribution (Ubuntu 22.10 for Vanilla OS 22.10) and wraps all commands from the distribution’s package manager (apt for Ubuntu). Nevertheless, you can install packages from other package distributions…. Using the –dnf flag with apx will create a new container based on Fedora Linux. Here, apx will manage packages from Fedora’s DNF repository, tightly integrating them with the host system.
ZDNet calls Vanilla OS “a new take on Linux that is equal parts heightened security and user-friendly.” Among other things, “the developers opted to switch to ABRoot, which allows for fully atomic transactions between 2 root partitions.”

The official release announcement explains:

ABRoot will check which partition is the present root partition (i.e A), then it will mount an overlay on top of it and perform the transaction. If the transaction succeeds, the overlay will be merged with the future root partition (i.e B). On your next boot, the system will automatically switch to the new root partition (B). In case of failure, the overlay will be discarded and the system will boot normally, without any changes to either partition.
But ZDNet explains why this comes in handy:
Another really fascinating feature is called Smart Updates, which is enabled in the Vanilla OS Control Center, and ensures the system will not update if it’s either under a heavy load or the battery is low. To enable this, open the Vanilla OS Control Center, click on the Updates tab, and then click the ON/OFF slider for SmartUpdate. Once enabled, updates will go through ABRoot transitions and aren’t applied until the next reboot. Not only does this allow the updates to happen fully in the background, but it also makes them atomic, so they only proceed when it’s guaranteed they will succeed.

The only caveat to this system is that you are limited to either weekly or monthly updates, as there is no daily option for scheduling. However, if you’re doing weekly updates, you should be good to go…. Setting aside that which makes Vanilla OS special, the distribution is as stock a GNOME experience as you’ll find and does a great job serving as your desktop operating system. It’s easy to use, reliable, and performs really well…especially considering this is the first official release.
“Every wallpaper has a light and a dark version,” adds the release announcement, “so you can choose the one that best suits your needs.”

