Principal Skinner on Immutable Distros
We've known since the 1950s that our configurations should be declarative, to make them resilient to necessary changes to our software stack.
Instead of coding exactly what change needs made, we ought to write a config that declares the intended outcome, and then do extra work to write code that correctly interprets that config. This way when all the commands we used stop working (and they do!), we still know the original intent of the configuration.
But making config management declarative is a lot of work. So fuck that noise. I'll do it in bash, instead, again.
Nix actually IS Bash under the hood. It uses Perl and Bash to create an atomic installation. I tend to do a LOT less maintenance than I’d need to do if I rolled everything from scratch in Bash.
That explains why Nix despite being parallelized takes a long time to install packages and rebuild the configuration.
Oh, the meme really is about Nix then? I assumed it was about C.
I guess IT has a lot of holding onto old ways going on.
Yes for sure. Actually Nix is pretty long in the tooth and there are better implementations of Eelco’s brilliant idea. It’s just that they have a lot less effort, ubiquity, and hype behind them. GUIX is a good example of that. They literally can build an OS from scratch. I find Nix to be rock solid, so I stick with it. But, it’s an idea (all dependencies being content addressed in an immutable folder structure) to allow complexity that isn’t even achievable on FHS style systems.
For example: THE main feature is that you could have a different version of say Python (for the sake of this example) installed for each dependency in your system and they would just work alongside each other due to their unique, hash based folder locations. Each folder is named based on the sha256 hash of the dependency graph, which has powerful implications. Because of this hash, they’re effectively hermetically sealed from each other and cannot step on each other. This is the very definition of Nix and taken far enough to define a whole OS is a SUPER powerful concept.
Shit, I’m rambling. Maybe I’ll pause to let you guide my rant. ;)
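A toy version of the hash-named store directories described in the comment above, as an added example that is not part of the original thread and is not Nix's actual path algorithm. `STORE`, `store_path`, `build_closure` and the package versions are constructed for illustration.

```python
import hashlib
import json

STORE = "/toy/store"  # hypothetical store root, not Nix's real layout


def store_path(name, version, deps=()):
    """Derive a directory name from a package and the paths of its inputs.

    Each dependency path already encodes that dependency's own inputs, so
    hashing the paths makes the digest cover the whole dependency graph.
    """
    recipe = json.dumps(
        {"name": name, "version": version, "deps": sorted(deps)},
        sort_keys=True,
    ).encode()
    digest = hashlib.sha256(recipe).hexdigest()[:32]
    return f"{STORE}/{digest}-{name}-{version}"


def build_closure():
    """Constructed sample graph: two apps pinned to different Pythons."""
    openssl_a = store_path("openssl", "3.0.13")
    openssl_b = store_path("openssl", "3.0.14")
    py311 = store_path("python", "3.11.9", [openssl_a])
    py312 = store_path("python", "3.12.4", [openssl_a])
    # Same Python version, different OpenSSL input: a different directory,
    # so the rebuilt interpreter never overwrites the one app_new uses.
    py312_patched = store_path("python", "3.12.4", [openssl_b])
    return {
        "py311": py311,
        "py312": py312,
        "py312_patched": py312_patched,
        "app_old": store_path("app-old", "1.0", [py311]),
        "app_new": store_path("app-new", "2.0", [py312]),
    }


if __name__ == "__main__":
    for label, path in build_closure().items():
        print(f"{label:14} {path}")
```
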
What is a better implementation than NixOS? Guix is held back by the fact that it's GNU only by default, and that it also compiles everything on your machine by default. You have to go out of your way to add a binary cache and speed up the install. That's after you go out of your way to enable non-free packages so that your hardware can actually work with the right firmware. If someone made a version with those enabled by default things would be way quicker to set up and use.
Sweating hard in Gentoo
Gentoo isn't immutable or declarative afaik
No, but it already supports multiple versions of software.
Though I would argue that many systems have a dependency cache that should be replicable, especially when you build everything locally, you can pinpoint specific commits, not just versions that may be removed from repos.
But my comment was meant as a reference to building everything locally, as in I know what that's like.
Is there an article about this where I can find more info?
It's a brand new topic for me and I just read this one from a previous comment. And I'm trying to learn more.