
EasyOS: An experimental Linux distribution designed from scratch for containers - alexellisuk
https://easyos.org
======
AnIdiotOnTheNet
After spending a scant few minutes looking at it, here are the things I like
about this project so far:

- It has a "How and why are we different" page. In the age of "I made a meta
package on top of Ubuntu and called it a new OS", it's refreshing to see a
Linux distribution come right out and say "here's what we do that separates us
from the other 700".

- It actually is different. Recognizing the nigh-uselessness of separate user
accounts (for personal computers), embracing of simple GUI tools over terminal
wankery, eschewing of the legacy UNIX file hierarchy.

- They use the ROX filer, the only file manager for Linux with AppDir support
and the centerpiece of the unfortunately long-defunct ROX Desktop.

I'm anxious to find out more.

~~~
msla
> embracing of simple GUI tools over terminal wankery, eschewing of the legacy
> UNIX file hierarchy.

So you're telling me I have no tools and no existing tools are going to work.

Good to get that out in the open, I suppose.

~~~
AnIdiotOnTheNet
God forbid someone not create another Ubuntu derivative that isn't
substantively different than every other Linux distro on earth, right?

~~~
msla
Do you have a point to make about how this is _better_, or is this change for
the sake of change?

~~~
AnIdiotOnTheNet
GUI tools provide significantly better discoverability, for one. The file
hierarchy is a mess to put it mildly.

~~~
msla
Discoverability is only possible if the tool is trivial. Otherwise, you have
to hide functionality inside the UI to prevent the creation of an unusable
mass of buttons on the GUI's main screen. This also kills fluency, by
preventing people from developing muscle memory.

------
sandGorgon
Fedora Silverblue is already semi-production ready
[https://silverblue.fedoraproject.org](https://silverblue.fedoraproject.org)

[https://fedoramagazine.org/what-is-silverblue/](https://fedoramagazine.org/what-is-silverblue/)

[https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/)

~~~
mdaniel
I waved off Silverblue when I learned one must reboot to install packages.
Maybe that's not a big deal with a server OS, but having to unlock the
full-disk encryption, then restore my desktop and possibly reauth any apps is a
bridge too far for me. To say nothing of the heartache involved when you
realize that, haha, you didn't know the full package list you needed, so now
you are iterating through that process.

------
andridk
If everything is a container, does that mean processes have failed?

~~~
als0
I’d personally say that the concept of users and user groups have failed, at
least on systems that have only one user.

~~~
dexen
> the concept of users and user groups have failed

Hopefully we won't go back to the Win95/98 era of everything running as single
user!

Having services run isolated as their own users is not merely a good security
mechanism, it provides for a clear and simple mental model of what is what. A
clear permissions barrier that's enforced pretty strictly by the OS.

Moreover we see separate user accounts more and more; even on small devices
like phones it makes sense to have, for example, separate "private" and
"business" accounts.

> does that mean processes have failed?

Nah, that's too general of a take. There are two more specific failures. First
up, people fail to realize the present-day crop of containers are re-inventing
processes. "Those who do not learn history, etc, etc."

Secondly, there's a significant failure of certain key features (like IP
stack, FS handlers, etc. - in general, NAMESPACES) having been provided almost
exclusively in kernel, and thusly requiring either superuser access or complex
work-arounds (like FUSE) to manage. Plan 9 did it the right way; on P9,
processes == containers.

~~~
taffer
> [...] services run isolated as their own users [...] provides for a clear
> and simple mental model [...]

How is that a clear and simple model? Are email or printing _users_?

I think the whole discussion is futile without having a common understanding
of what we are talking about. That is:

- What is a user?

- What is a group?

- What is a role?

- What is an account?

- What is a service?

- What is a job?

- What is a process?

- What is a container?

- What is a namespace?

Moreover, you cannot say whether an abstraction is good or bad without knowing
what our goals, use cases or target users are.

------
saagarjha
More interesting link, IMO:
[https://easyos.org/tech/how-easy-works.html](https://easyos.org/tech/how-easy-works.html)

------
kvark
They bought me on "No full install".

I've always been annoyed how Unix systems treat the system as "their property"
with the user just being a temporary guest (if not an intruder).

------
darkwater
TBH, it doesn't look "easy" at all. Plus, why re-inventing the wheel and
create yet another containerization system?

~~~
holstvoogd
> why re-inventing the wheel and create yet another containerization system?

Because that is how we make progress. Try different approaches, learn and
evolve the ecosystem. That is how we got usable containers in the first place,
it's not a new idea and variants have been around for decades. But only now
we've seen it evolve into something usable.

At least they are trying to solve problems. It might not be the best/right
solution, hell it might not be an improvement, but if we don't try, we will
never learn.

~~~
pushpop
As a long time BSD and UNIX user, I disagree with the premise that containers
have only recently been usable. Even on Linux, solutions like Proxmox made
containers incredibly useful in the pre-LXC / pre-Docker days. And that’s
discounting FreeBSD jails, Solaris Zones, etc which have existed a lot longer.

If anything, Docker just made containers _trendy_ (they gave more talks at
more conversations, etc) when before it was seen as a niche toy compared to
virtualisation which few had heard of and fewer had bothered to look into.
However being trendy doesn’t mean better nor easier to use.

------
nickik
OpenSuse has something like this as well. We are seeing more and more OS go in
that direction.

[https://en.opensuse.org/Kubic:MicroOS](https://en.opensuse.org/Kubic:MicroOS)

------
4ad
> Run as root. This is controversial, however, it is just a different
> philosophy. The user runs as administrator (root), apps may optionally run
> as user 'spot' or in containers as a "crippled root" or user 'zeus'. The
> practical outcome is that you never have to type "sudo" or "su" to run
> anything, nor get hung up with file permissions.

Yeah, no thanks.

~~~
isostatic
Quite, it's ridiculous.

You have individual accounts for individual people. Use sudo if you need to
elevate permissions - that gets fired over to your syslog server, so if you
screw up you know what you did. If someone else screws up, you can see who it
was and either fix it, or contact them to find out what they were trying to do
(likely both).
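
The audit trail this comment relies on, as an added example that is not part of the thread: a parser for sudo's default syslog records that attributes each elevated command or refused attempt to the account that issued it. The sample lines, host name and user names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the syslog layout sudo writes by default.
SAMPLE = """\
Mar  3 09:14:02 ws01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt install nginx
Mar  3 09:20:41 ws01 sudo:      bob : TTY=pts/2 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/vi /etc/fstab
Mar  3 09:21:10 ws01 sudo:    carol : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
Mar  3 09:30:55 ws01 sudo:      bob : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/etc ; USER=root ; COMMAND=/bin/rm -rf /var/tmp/x
Mar  3 09:31:00 ws01 sshd[811]: Accepted publickey for alice from 192.0.2.10 port 50522 ssh2
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
                  r"sudo(?:\[\d+\])?:\s+(?P<who>\S+) : (?P<body>.*)$")

def parse_sudo_line(line):
    """Return a dict for a sudo command record, or None for any other line."""
    m = LINE.match(line)
    if not m:
        return None
    # COMMAND= is always last and may itself contain ';', so split it off first.
    head, _, command = m["body"].partition("COMMAND=")
    event = {"ts": m["ts"], "host": m["host"], "who": m["who"],
             "command": command, "denied": None}
    for part in filter(None, (p.strip() for p in head.split(";"))):
        key, sep, value = part.partition("=")
        if sep and key.isupper():        # TTY=, PWD=, USER=, ...
            event[key.lower()] = value
        else:                            # free-text refusal reason
            event["denied"] = part
    return event

def summarize(text):
    """Group (timestamp, command) pairs by invoking user: allowed vs refused."""
    ran, denied = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        ev = parse_sudo_line(line)
        if ev:
            (denied if ev["denied"] else ran)[ev["who"]].append((ev["ts"], ev["command"]))
    return dict(ran), dict(denied)

if __name__ == "__main__":
    for label, table in zip(("ran", "denied"), summarize(SAMPLE)):
        print(label, table)
```

On a system where every session is already root, none of these records exist, so neither table can be built.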

~~~
icebraining
Based on the language ("the user") and the focus on the GUI, I think this OS
is designed more for single-user workstations, rather than multi-user servers.
This philosophy of "root by default" is also implemented by Puppy Linux, which
was created by the same person.

~~~
dec0dedab0de
But what would be the benefit of containers on a single-user workstation?

~~~
geggam
From what I can gather skimming, instead of using users / groups to isolate
processes, they are using containers.

It feels like Linux and Windows are converging into a single OS.

------
rahulun
Iirc Clear Linux also started as an OS for containers and morphed into a fully
functioning desktop OS, let’s see how this goes.

------
whydoyoucare
Run as root to avoid typing sudo or su? That is like having a handgun without
the safety! No thank you!

~~~
swiley
Interestingly I've been told by handgun users that this is currently a popular
idea.

~~~
AnIdiotOnTheNet
That's because when you actually need the handgun you'll want it to function
as expected when you pull the trigger. A safety is just extra complication
that provides no significant benefit if you're already handling the firearm
like you're supposed to (which is to say, never pointing it at anything you
don't want to destroy). Even without external safeties, modern firearms often
do contain internal safeties to ensure that they only go off when the trigger
is operated, as opposed to being dropped or something.

------
tmikaeld
So, like Qubes OS, but on an application-level isolation?

~~~
masklinn
Yes, like qubes but without the security.

~~~
icebraining
But also more lightweight, since it doesn't have to run a kernel for each
application.

~~~
masklinn
Running regular processes is even "more lightweight".

~~~
icebraining
A containerized process is a regular process, which just happens to be in a
different namespace from the init process.

~~~
geggam
So your definition of a container is simply the namespaces?

No cgroups?

~~~
icebraining
Eh, for the purpose they're essentially the same thing: just kernel metadata
on how to group regular processes.
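
The namespace and cgroup metadata discussed in this sub-thread can be read straight out of /proc. As an added example that is not part of the thread, the sketch below reports which namespaces of a process differ from a reference process (PID 1 by default) and which cgroup paths it sits in; the /proc-like tree, PID 4242 and all inode numbers in `demo()` are constructed so the code runs without privileges.

```python
import os
import tempfile

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_namespaces(pid, proc_root="/proc"):
    """Return {ns_type: 'type:[inode]'} from the /proc/<pid>/ns symlinks."""
    ns = {}
    for name in NS_TYPES:
        try:
            ns[name] = os.readlink(os.path.join(proc_root, str(pid), "ns", name))
        except OSError:  # no permission, or this namespace type is absent
            ns[name] = None
    return ns

def read_cgroups(pid, proc_root="/proc"):
    """Return the cgroup paths from /proc/<pid>/cgroup (v1 and v2 lines)."""
    with open(os.path.join(proc_root, str(pid), "cgroup")) as fh:
        return sorted({l.rstrip("\n").split(":", 2)[2] for l in fh if l.count(":") >= 2})

def isolation_report(pid, ref_pid=1, proc_root="/proc"):
    """Namespaces in which pid differs from ref_pid, plus pid's cgroup paths."""
    mine, ref = read_namespaces(pid, proc_root), read_namespaces(ref_pid, proc_root)
    differing = sorted(n for n in NS_TYPES if mine[n] and ref[n] and mine[n] != ref[n])
    unknown = sorted(n for n in NS_TYPES if not (mine[n] and ref[n]))
    return {"differing_ns": differing, "unknown_ns": unknown,
            "cgroups": read_cgroups(pid, proc_root)}

def build_fake_proc(root, layout):
    """Create a constructed /proc-like tree from {pid: (ns_inodes, cgroup_text)}."""
    for pid, (inodes, cgroup_text) in layout.items():
        ns_dir = os.path.join(root, str(pid), "ns")
        os.makedirs(ns_dir)
        for name, inode in inodes.items():
            os.symlink(f"{name}:[{inode}]", os.path.join(ns_dir, name))  # dangling, as in /proc
        with open(os.path.join(root, str(pid), "cgroup"), "w") as fh:
            fh.write(cgroup_text)

def demo():
    host = {n: 4026531835 + i for i, n in enumerate(NS_TYPES)}  # constructed inodes
    boxed = dict(host, mnt=4026532301, pid=4026532302, net=4026532303)
    with tempfile.TemporaryDirectory() as root:
        build_fake_proc(root, {1: (host, "0::/init.scope\n"),
                               4242: (boxed, "0::/containers/demo\n")})
        return isolation_report(4242, proc_root=root)

if __name__ == "__main__":
    print(demo())
```

Against a live system, `isolation_report(pid)` reads the real /proc; without root, PID 1's links are usually unreadable and every type lands in `unknown_ns`.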

------
als0
I’m interested to know how this improves on Moby and ContainerLinux, both of
which are “designed for containers”

------
simosx
If EasyOS is specifically for containers, I do not see a container image at
the LXC/LXD repository at
[https://us.images.linuxcontainers.org/](https://us.images.linuxcontainers.org/)

Even Kali Linux has a container image at
[https://us.images.linuxcontainers.org/](https://us.images.linuxcontainers.org/)

edit: If anyone at EasyOS wants to add a container image, see as an example
the PR for Kali,
[https://github.com/lxc/distrobuilder/pull/179](https://github.com/lxc/distrobuilder/pull/179)

~~~
kgersen75
It's because EasyOS runs containers, it's the host. Did you read the post?

~~~
tssva
Asking if the person read the post adds nothing to your comment and is against
HN guidelines.

