
Comment by rowanG077

6 days ago

Nix for me has been a great source of stability. I used to run Ubuntu and was never happy. Packages randomly broke, the UI lagged a lot, I always had to dig to get things working. One day when I had a uni deadline an automated update destroyed my wifi functionality. I had some experience with Nix from work, so in anger I installed NixOS. Wifi worked and I finished my uni assignment. Haven't installed anything else on my computers since, and that was 6 years ago. Sure, things can be a pain. But NixOS has never broken in unexpected ways. I know if I update things may go wrong. But I can always go back and try again with a newer version a few weeks later.

The biggest drawback is really that "random executable from the internet" does not work out of the box. And sometimes you have to spend a lot of time to package something yourself. But all in all it has saved me time and a lot of pain. I dare even say I no longer have a toxic relationship with my OS.

NixOS literally just broke webcam drivers on alder lake and wake from sleep. That was a huge pain to deal with when updating for the rsync vulnerabilities. And a bunch of other issues.

Thank goodness for perfect rollbacks. I'll take rsync vulnerabilities over a super broken system and try again in a few weeks.

For those pesky random executables there's a couple of escape hatches -- buildFHSenv and nix-ld. This is also predicated on good provenance of the executables in question. One should probably not even ldd sketchy binaries:

https://jmmv.dev/2023/07/ldd-untrusted-binaries.html

  • Even proper packaging is far easier compared to other package managers. Typical distros push users away from packaging their own software, so users end up relying on ad-hoc solutions instead. Nix instead makes packaging easier by having proper tools to abstract away the nitty gritty details.

    For random binaries, autoPatchelfHook works miracles.

    • It wasn’t that bad creating some new derivations my first week with NixOS. I was so used to Arch, where I had maybe a handful of modified PKGBUILDs over a decade.

      For better or worse it was a positive experience, especially when you usually already have a pkgbuild to go off of.

    • Every time I see a linux installation with a mess in /opt because it's faster than making a package, I get annoyed.

  • steam-run seems to be able to run everything. It uses bubblewrap to keep the OS isolated and add the /usr/bin stuff most exes want.

    • *it won't be in the future because it is no longer the grabbag for everything.

      Also linking things to /usr/bin is done by the fhs which uses bubblewrap, not steam-run.
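An added example, not code from the thread or from nixpkgs documentation, showing the two escape hatches named above (buildFHSEnv, written "buildFHSenv" in the comment, and autoPatchelfHook) applied to the same prebuilt binary. Assumptions: a hypothetical vendor binary sits next to the file as ./vendor-tool, is an x86_64 ELF, and needs only zlib, OpenSSL and libstdc++ beyond glibc; the version string is made up.

```nix
{ pkgs ? import <nixpkgs> { } }:

let
  inherit (pkgs) stdenv;

  # Hypothetical prebuilt, dynamically linked x86_64 binary placed next to
  # this file. List its dependencies WITHOUT running it first (ldd may execute
  # the binary; readelf only parses the ELF headers):
  #   readelf -d ./vendor-tool | grep NEEDED
  vendorBinary = ./vendor-tool;
in
{
  # Option 1: autoPatchelfHook. The hook runs in fixupPhase, rewrites the ELF
  # interpreter to glibc's ld.so in the store and sets RPATH to the lib/ dirs
  # of buildInputs. It fails the build if any DT_NEEDED entry cannot be
  # resolved, which is the check you want for a binary of uncertain provenance.
  patched = stdenv.mkDerivation {
    pname = "vendor-tool";
    version = "1.2.3";          # hypothetical
    src = vendorBinary;
    dontUnpack = true;          # src is a single executable, not an archive

    nativeBuildInputs = [ pkgs.autoPatchelfHook ];
    buildInputs = [
      stdenv.cc.cc.lib          # libstdc++ / libgcc_s, needed by most C++ binaries
      pkgs.zlib
      pkgs.openssl
    ];

    installPhase = ''
      runHook preInstall
      install -Dm755 "$src" "$out/bin/vendor-tool"
      runHook postInstall
    '';

    meta.platforms = [ "x86_64-linux" ];
  };

  # Option 2: buildFHSEnv. The binary is left untouched and runs inside a
  # bubblewrap namespace whose /usr/lib, /lib64 and /usr/bin are populated from
  # targetPkgs. This is a compatibility layout, not a sandbox: the host's $HOME
  # and network are visible inside it by default.
  fhs = pkgs.buildFHSEnv {
    name = "vendor-tool-fhs";
    targetPkgs = p: [ p.zlib p.openssl ];
    # Drop into a shell inside the env; from there run ./vendor-tool directly.
    runScript = "bash";
  };
}
```

Build with `nix-build env.nix -A patched` and run `./result/bin/vendor-tool`, or `nix-build env.nix -A fhs` and run `./result/bin/vendor-tool-fhs` to get a shell with the FHS paths in place. The third option from the same comment, nix-ld, is a NixOS module rather than a derivation: `programs.nix-ld.enable = true;` plus a `programs.nix-ld.libraries` list provides a /lib64/ld-linux-x86-64.so.2 system-wide, so unpatched binaries start without a per-binary wrapper, at the cost of that shim being available to every process on the machine.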

I now use distrobox to run random binaries in a container. It's faster and convenient.

  • > just run random binaries from the internet like it's 1998, bro

    That world was fun but I don't want to go back to that place.