
Comment by happyopossum

15 hours ago

As long as there is software, you cannot shortcut the need for maintenance. Nothing is bug free, and telling people they will never need to upgrade/patch/maintain a system is a well-paved path to compromised systems.

This OS doesn't say it's maintenance-free! But it skips a whole load of maintenance you'd need to think about with a traditional base system, because 1) there's almost nothing there, and 2) the upgrade to that base is easy, you just reboot and restart your containers.

Obviously the software you run needs upgrades, but (again, a layer down) it's based on Docker and probably someone else is maintaining it. So you pull that new container, restart, and the OS is just making sure your data lands in the same place with the new container.

If you're happy with all your software running from Docker this seems like a step up from a Debian or Redhat, and it has a lot less bureaucracy than something like CoreOS.

Whether it's _usable_ I'm not sure (especially around storage management) but it's a really clear pitch.

I've been telling people this for years. Yes, you can self host, but you'll end up with an SLA on your spare time as well as your working hours.

I've long since thrown everything with a user count > 1 out.

> Nothing is bug free, and telling people they will never need to upgrade/patch/maintain a system is a well-paved path to compromised systems.

Of course nothing is. But there's a reason projects like "Talos" do exist: no terminal, no SSH, no package manager (how do we like package managers like NPM lately btw?), read-only filesystem, definitely no systemd, etc.

And then a minimal number of executables.

This does, definitely, reduce the attack surface.

I'm not speaking about this Show HN's project but there are such things as systems both more secure and requiring less maintenance than others.

Throwing in the towel and saying: "nothing can ever be 100% secure so we'll always need to patch so we may as well YOLO by accepting npm packages modified 3 minutes ago" is not the way to go forward either.
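The "npm packages modified 3 minutes ago" point above maps to a concrete control: refuse to install any dependency version whose registry publish time is younger than a minimum age, so a hijacked maintainer account's fresh release is not pulled onto your systems in the window before it is noticed. The script below is an added example, not code from the thread or from any project it mentions. It assumes the shape of the npm registry packument's `time` field (a map from version string to an ISO-8601 UTC timestamp, plus `created` and `modified` entries); the package names, dates, pinned versions and "now" are all constructed sample data.

```python
"""Flag pinned npm dependency versions that were published too recently to trust.

Added example for the minimum-release-age idea; not from the thread or any project
it discusses. Assumes the npm registry's packument `time` map layout
({"<version>": "<ISO-8601 UTC>", "created": ..., "modified": ...}). All data below
is constructed for illustration.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample registry data: for each package, the `time` map as the npm
# registry would serve it in a packument. Package names and dates are made up.
SAMPLE_REGISTRY = {
    "leftpadish": {
        "time": {
            "created": "2020-01-01T00:00:00.000Z",
            "modified": "2025-03-10T11:58:00.000Z",
            "1.2.0": "2024-06-01T00:00:00.000Z",
            "1.3.0": "2025-03-10T11:58:00.000Z",
        }
    },
    "tinycolors": {
        "time": {
            "created": "2019-05-05T00:00:00.000Z",
            "modified": "2023-02-02T00:00:00.000Z",
            "2.0.0": "2023-02-02T00:00:00.000Z",
        }
    },
}

# Constructed sample of what a lockfile pins: package name -> exact version.
SAMPLE_PINNED = {"leftpadish": "1.3.0", "tinycolors": "2.0.0"}

# Constructed "now": three minutes after leftpadish 1.3.0 was published.
SAMPLE_NOW = datetime(2025, 3, 10, 12, 1, tzinfo=timezone.utc)


def parse_npm_time(stamp: str) -> datetime:
    """Parse the registry's ISO-8601 timestamp (UTC, 'Z' suffix, millisecond fraction)."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def version_age(packument: dict, version: str, now: datetime) -> timedelta:
    """Age of one published version relative to `now`.

    Raises KeyError if the version is absent from the packument; that is itself a
    red flag (the lockfile names something the registry never published).
    """
    return now - parse_npm_time(packument["time"][version])


def check_min_age(pinned: dict, registry: dict, now: datetime,
                  min_age: timedelta = timedelta(days=7)) -> list:
    """Return [(name, version, age)] for pinned versions younger than `min_age`.

    A pinned version that cannot be found in the registry data is reported with
    age None rather than silently skipped, so the check fails closed.
    """
    violations = []
    for name, version in sorted(pinned.items()):
        packument = registry.get(name)
        if packument is None or version not in packument.get("time", {}):
            violations.append((name, version, None))
            continue
        age = version_age(packument, version, now)
        if age < min_age:
            violations.append((name, version, age))
    return violations


if __name__ == "__main__":
    # With the constructed data, only leftpadish@1.3.0 (3 minutes old) is flagged.
    for name, version, age in check_min_age(SAMPLE_PINNED, SAMPLE_REGISTRY, SAMPLE_NOW):
        detail = "not in registry" if age is None else f"published {age} ago"
        print(f"{name}@{version}: {detail}")
```

In a real pipeline the packument would come from `GET https://registry.npmjs.org/<package>` and `pinned` from the lockfile, and a non-empty result should fail the build. The age threshold is a policy choice: a few days is enough to cover the typical window between a malicious publish and the package being yanked, while not blocking routine updates forever.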