I have a pinephone (not pro) collecting dust, because it’s nowhere near as usable for anything, sadly. But I look forward to linux on phones. I recommend a OnePlus 6 with your choice of linux on phones to be honest.
none of them. I don’t like the idea of putting security updates in the hands of the developers of each individual application I use.
Oh your app only works with an old broken insecure version of the library? Fuck you then, you can’t just decide to install and use the insecure version.
Interesting idea, didn’t think about this before. Still you could argue because of the sandboxed nature, those outdated libraries shouldn’t be much of a problem?
sandboxing protects apps from each other. If there’s a bug in some library that somehow leaks some security keys or something, sandboxing doesn’t help.
For example, suppose there was a bug in openssl’s prime number generation code. It will generate insecure keys.
No amount of sandboxing can help with that. The bug is discovered and the next day I run ‘pacman -Syu’ (I use arch, btw) and the problem is gone systemwide, except for any flatpaks or appimages etc. Those will only get updates (and stop leaking my data) if and only if its maintainer actually gives a fuck, is still alive and active. If not, you’re SOL.
I am very certain the most appropriate person to update the software would be the developer itself. So when suddenly for flatpaks & co the responsibility of updating libraries is put on the flatpak package maintainer for ANYTHING used in that container… it doesn’t sound optimal.
Still your example is a very edge-case scenario, because it would create a static vulnerability.
Containers are a form of static linking. Just because they are different files inside the image, doesn’t mean they’re not effectively statically linked, if they can only be upgraded together.
If I update my shared libraries, that application uses its own ‘statically linked’ libraries and doesn’t pick up the changes. Exactly like what happens with a normal statically linked binary.
You have to use a separate application to manage them, otherwise they act as portable .exe files in Windows, just lying around in a folder you have to manually link to or navigate to to run. You have to set them as executable manually otherwise you can’t run them in certain distros, or they force you to click through the prompt. They aren’t listed in the general packages installed on your system.
They are often bulky in size, and depending on the distro and software, sometimes they don’t work properly. And again, without independent management software, they have to be manually updated independently.
They aren’t bad, they just aren’t as good as other options IMO. I like App Images for random small programs, or some games too, they aren’t a problem. But for large programs I want to use frequently, they are just less convenient.
When the system hibernates, information about the device and offset used is now written to a non-volatile EFI variable. On next boot the system will attempt to resume from the location indicated in this EFI variable. This should make hibernation a lot more robust, while requiring no manual configuration of the resume location.
That is so the opposite experience for me. Every other distro for me just ends up weird after using it too long and I get the symptoms you mentioned. Nixos always stays perfectly clean for me like I never touched it. My hardware (long story) does change my experience a little though.
When you have full system crashes there is a very high chance it’s the graphics drivers, journalctl -b -1 might show some information why it crashes, as it’s often just the graphics output that freezes, not the rest of the system.
Another common form of crashing is just running out of memory. Linux still handles that not well at all and will just freeze for a long long long time (SysRq-F will invoke the OOM killer, which can often help and speed up the process dramatically, there are other workarounds like earlyoom).
Absolute bravery. Though I use runit for booting multiple things inside a docker container because fuck all that multi container lark just to get nginx and a php and a node going.
edit: I do feel norawibb’s point, the slippery mutability of Void is something I am a lot less comfortable with than I used to be. Apparently Guix has spoiled me.
Yeah rollbacks are probably the best part of immutable OS’s, but of almost equal importance is reproducible system configuration, which imo only Nix and Guix do well. Neither snapshots nor Silverblue really manage that yet.
The great thing about Nix is that it achieves reproducibility with the package manager. Containers and Ansible depend on taking a system and documenting steps to bring it to the desired state. This state then might deviate over time (e.g. crashing while updating).
But yes, for most practical use it probably doesn’t make much of a difference. For me Nix forces me to document what I’m doing, which I might not do for a “quick and simple change” on other systems.
My problem with snapshots is that sometimes I break something and notice it way later. This accumulated state at one point breaks something (i.e. I break something). With NixOS I’m forced to do things right, which is also annoying and time consuming.
That’s right. I just rely on intuition to create a snapshot just before I think some operation will potentially break the system. (Along with daily snapshots)
It’s definitely not as bulletproof and transparent as Nixos. You can see what has changed by doing a diff :)
I just wanted something lightweight and fast. It was between alpine (gentoo based), void and artix (arch based). I decided to go for void because it’s new and an independent distro. I’ll try the other two some day.
Really? In my experience NixOS is faster than Arch.
edit: this isn’t arguing against him, I’ve heard lots of cases where Arch is indeed faster. For me though, I feel like nixos is faster for my use cases.
You mean in terms of how fast it feels? I have never heard anyone saying this before. Can you share some details and perhaps some tips to improve performance on Nixos?
What hardware do you run Nixos on and do you modify and rebuild a lot of packages on nixpkgs?
He is assuming that you are trying to win an argument and seeing your strategic approach to doing so. It is kind of implied that you want to win the argument without having to defend your position or even be right.
I did not get that from your comment. It felt like you were more genuinely surprised to see others relating experiences you have not had. I have left very similar comments myself.
It sucks that the Internet makes us instantly distrust each other.