FreeCAD is good, but maybe more complicated than you're looking for.
You might want to try draw.io / diagrams.net . It can be used in the browser or as a standalone application
The Paradox of Tolerance disappears if you look at tolerance, not as a moral standard, but as a social contract.
If someone does not abide by the terms of the contract, then they are not covered by it.
In other words: The intolerant are not following the rules of the social contract of mutual tolerance.
Since they have broken the terms of the contract, they are no longer covered by the contract, and their intolerance should NOT be tolerated.
(Shamelessly copied from @itsOasus on Mastodon )
It's not just about malware, but more about system stability and avoiding breaking your system by bad updates. Updates are atomic (all or nothing) Ideally if something goes wrong, the update isn't applied at all. If you manage to boot to a bad config, you can fix it by rebooting in to the previous known good config.
This is immensely valuable for appliance-type devices that aren't meant to be "administered" by end users, like the Steam-deck, set top boxes, even Android phones. For laptops / desktops I'm sure it has some value for people who want a stable base, with newer flatpak/AppImages for day to day use.
As for how updates and system packages are installed, I can't answer the specific technologies used, but I believe the principle is that an entirely new/complete filesystem "image" is created / layered on top. Then you reboot to the new image.