Hacker News Re-Imagined

Amazon Linux 2022

  • 115 points
  • 6 hours ago

  • @gtirloni
  • Created a post
  • 61 comments


@staticassertion 2 hours

Replying to @gtirloni 🎙

Looks interesting. SELinux by default is certainly a win, it seems that Linux has finally hit a tipping point where SELinux is a reasonable option (ie: someone else is going to do the work for you).

Unfortunately I'm just way more used to Debian-based systems, and I feel like having a mismatch in production would just lead to friction.



@saurik 2 hours

Replying to @gtirloni 🎙

Why do people choose Amazon Linux over, say, an Ubuntu LTS?



@Shadonototra 3 hours

Replying to @gtirloni 🎙

I can see Linux eclipsing all the current OSes, it already happened with smartphones, IoT and the other little things (I forgot what they are called)

Only remaining piece is the desktop segment

macOS has a unix environment, so it'll stay relevant (for how long?)

Windows has WSL, it's slow, I don't see myself using it since the host OS is a giant piece of shitty crap

MS missed a chance with Win11, they could have gone full steam ARM with a Linux distro, 100% native Android support, 100% cloud native support, 100% unix support as a host OS, I wouldn't use it myself because I despise the company and its culture, but I can see potential, and I smell a huge missed opportunity

Amazon is getting it right, even though it's exclusively targeting cloud usage

Marketing wise it's great and consistent with their offering



@shaicoleman 4 hours

Replying to @gtirloni 🎙

TLDR:

* Will be released on a predictable schedule every 2 years, supported for 5 years. Minor releases every quarter.

* GA will be based on Fedora 35. Preview is currently based on Fedora 34

* There's no official statement regarding compatibility with Fedora packages

* SELinux will be enforcing by default

* Kernel will be a kernel.org longterm version, not the Fedora one

* VM images/docker containers will be officially available when GA. For now you can download images unofficially [1]

* Unofficial ETA is Q2 2022. For reference, AL2 is currently officially supported until June 30, 2023.

1. https://news.ycombinator.com/item?id=29344927



@rubyist5eva 1 hour

Replying to @gtirloni 🎙

An LTS distribution based on Fedora (and NOT RHEL) is something I've been wanting for a long time, but I don't think this is really gonna be for the non-cloud general use case?

Welp, better luck next time.



@vosper 2 hours

Replying to @gtirloni 🎙

Perhaps someone could give me some advice?

I work alongside a small team maintaining quite a lot of machines on AWS. They're struggling (IMHO) to manually apply all of the security patches their scanning tool identifies. My theory is that Amazon Linux gets patched frequently, and so they'd be better off spending time normalizing our EC2 infra so that every instance is running Amazon Linux, and then work on an easy rollout mechanism to deploy the latest version.

Has anyone got any thoughts on this? It wouldn't obviate the need for patching completely, but I feel like AWS is already doing some of this work for us, so we should take advantage.



@mark_l_watson 6 hours

Replying to @gtirloni 🎙

On AWS, I always now use Amazon's Linux distro. They also maintain their own version of OpenJDK.

As skeptical as I am about huge tech corps like Amazon, Google, etc., I have to admit I enjoy being their paying customer - nice experience. I find GCP and AWS a pleasure to use.



@cpach 3 hours

Replying to @gtirloni 🎙

I don’t understand why this is based on Fedora. Isn’t that more of a desktop distro…? And this seems more aimed at virtual machines running on EC2…? Or am I missing something?

It’s also interesting that at the same time Amazon is sponsoring Rocky Linux: https://rockylinux.org/sponsors/ (Which is based on Red Hat Enterprise Linux.)



@iou 3 hours

Replying to @gtirloni 🎙

I'm a big SELinux fan and user.

Enabling it won't in itself secure your company's applications, as the default policies in Fedora only apply to installed services (e.g. ssh) that have a policy written for them.

This is probably right on the boundary of the shared-security-model, but I think it would be great if they also offered easier ways for application developers to leverage the advertised feature.

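Added example, not part of @iou's comment: a shell check for the gap described above, listing processes that run in an unconfined SELinux domain even though the host is enforcing. The `ps -eZ` sample is constructed, `myapp` is a hypothetical in-house service, and the domain list assumes the Fedora targeted policy's `unconfined_t` and `unconfined_service_t` types.

```shell
#!/bin/sh
# Added example: find processes that SELinux leaves unconfined.
# Assumption: Fedora targeted policy, where a service with no policy module
# of its own runs as unconfined_service_t and login shells as unconfined_t.
UNCONFINED_TYPES="${UNCONFINED_TYPES:-unconfined_t unconfined_service_t}"

# Reads `ps -eZ` output on stdin (columns: LABEL PID TTY TIME CMD) and prints
# "PID TYPE CMD" for every process whose SELinux type is in UNCONFINED_TYPES.
unconfined_procs() {
    awk -v types="$UNCONFINED_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
        $1 == "LABEL" { next }                 # header row
        {
            # A context is user:role:type:level; the type is field 3.
            if (split($1, ctx, ":") < 3) next  # "-" or other non-context label
            if (!(ctx[3] in want)) next
            cmd = $5
            for (i = 6; i <= NF; i++) cmd = cmd " " $i
            print $2, ctx[3], cmd
        }
    '
}

# Constructed sample of `ps -eZ` output; not captured from a real host.
sample_ps_output() {
    cat <<'EOF'
LABEL                                PID TTY          TIME CMD
system_u:system_r:init_t:s0            1 ?        00:00:01 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 812 ?     00:00:00 sshd
system_u:system_r:unconfined_service_t:s0 1040 ?  00:00:03 myapp
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2201 pts/0 00:00:00 bash
EOF
}

# Demo on the constructed sample. On a real host: ps -eZ | unconfined_procs
sample_ps_output | unconfined_procs
```

Any long-running service that shows up with `unconfined_service_t` is one the default policy does not restrict, which makes it a candidate for a policy module of its own.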

