I switched over to Nix about a year ago. I was a Windows user before that for 30 years and tried Linux a couple of times, but it never stuck. Now I know I will never touch Windows again. With NixOS I've finally found a system that actually works for me — and the full OS configuration is in a repo. My god, I love it so much.
Sometimes I even prefer nix-shells over uv for quick one-off Python scripts.
I cannot sufficiently convey how absolutely barbaric everything else feels in comparison. Not having Nix would be like having to work on code without Git — absolutely unacceptable.
And it really isn't that much work — you do it once. The next time you set up a new system, without Nix, you'll have to do the full configuration all over again.
Have you heard of any good projects for running isolated containers in NixOS that are cheaply derived from your own NixOS config? Because that is what I want. I want a computer where I can basically install every non stock app in its own little world, where it thinks "huh, that is interesting, I seem to be the only app installed on this system".
Basically, I want to be able to run completely unverified code off the internet on my local machine, and know that the worst thing it can possibly do is trash its own container.
I feel like NixOS is one path toward getting to that future.
Can you do those ad-hoc though? I was looking into this too. I feel like it requires a system config change, apply, and then you need to do container start + machinectl login to actually get a shell.
That's definitely what I want... most of the time.
* declarative mode, where your guest config is defined within your host config, or
* imperative mode, where your guest NixOS config is defined in a separate file. You can choose to reuse config between host and guest config files, of course.
> I want a computer where I can basically install every non stock app in its own little world, where it thinks "huh, that is interesting, I seem to be the only app installed on this system".
NixOS containers are the most convenient way to do this, but those will map the entire global nix store into your container. So while only one app would be in your PATH, all other programs are still accessible in principle. From a threat-modelling perspective, this isn't usually a deal-breaker though.
There's also dockerTools, which lets you build bespoke docker/podman images from a set of nix packages. Those will have a fully self-contained and minimal set of files, at the expense of copying those files into the container image instead of just mapping them as a volume.
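The declarative-mode container described in this thread, as an added example (not code from any poster above). The container name, the addresses and the stateVersion are placeholders; the option names are the real NixOS `containers.<name>` options.

```nix
# Added example: a declarative NixOS container exposing one application.
# "sandbox", the 10.233.1.x addresses and stateVersion are placeholders.
{ config, pkgs, ... }:

{
  containers.sandbox = {
    autoStart = false;        # started on demand with `nixos-container start sandbox`
    ephemeral = true;         # the container's root filesystem is discarded on every stop
    privateNetwork = true;    # own network namespace rather than the host's
    hostAddress = "10.233.1.1";
    localAddress = "10.233.1.2";

    # The guest is a full NixOS configuration of its own; only `hello`
    # ends up in its PATH.
    config = { config, pkgs, lib, ... }: {
      environment.systemPackages = [ pkgs.hello ];
      system.stateVersion = "24.05";
    };
  };
}
```

After `nixos-rebuild switch`, `sudo nixos-container start sandbox` followed by `sudo nixos-container root-login sandbox` gives a shell inside. Running `ls /nix/store | wc -l` there returns the same count as on the host: /nix/store is bind-mounted from the host, which is the mapping the comment above refers to. Nothing but `hello` is in PATH, yet any host package can still be executed by its absolute store path, and the NixOS manual itself notes that containers are not perfectly isolated from the host and that container root should not be given to untrusted users. For code you truly distrust, treat this as convenience rather than a security boundary.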
If containers are safe enough for your use case then just use NixOS containers; they're just a few more lines to set up in a regular NixOS config.
If it isn't enough, there's microvm.nix, which is pretty much the same in difficulty/complexity, but runs inside a very slim and lightweight VM with stronger isolation than a container.
Depends whether you consider rootless Docker "cheap". I tried running ZeroClaw in a Nix-derived Docker (spoiler - it was a bad idea to use ZeroClaw at all since the harness is very buggy) and there is still a potential for container escape zero-days, but that's the best I've found. Also, Nix's own containerization is not as hermetic as Docker; they warn about that in docs.
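A Nix-derived Docker image of the kind mentioned above, as an added example (not the poster's own setup). It uses nixpkgs' `dockerTools.buildLayeredImage`; the image name and the command it runs are placeholders.

```nix
# Added example: a minimal OCI image whose filesystem is exactly the runtime
# closure of the listed packages. "sandbox-app" and the Cmd are placeholders.
{ pkgs ? import <nixpkgs> { } }:

pkgs.dockerTools.buildLayeredImage {
  name = "sandbox-app";
  tag = "latest";

  # Only these packages and their closure are copied into the image: no
  # shell, no coreutils, no package manager unless listed here.
  contents = [ pkgs.python3 ];

  config = {
    # Count the store paths visible inside the image.
    Cmd = [ "${pkgs.python3}/bin/python3" "-c"
            "import os; print(len(os.listdir('/nix/store')))" ];
    User = "65534:65534";   # unprivileged numeric uid; no /etc/passwd required
  };
}
```

Build and load it with `nix-build image.nix -o result && docker load < result` (or `podman load < result`), then `docker run --rm sandbox-app:latest`. The number printed is only python3's runtime closure, in contrast to the full host store that a NixOS container sees. The trade-off is the one stated above: the files are copied into image layers rather than shared, so every image carries its own copy of the closure.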
That's hard given most apps have dependencies and often share them.
It will always look like curl is available, or bash, or something.
What's wrong with another user account for such isolation?
They can be isolated to namespaces and cgroups. Docker and Nix are just wrappers around a lot of OS functionality with their own semantics attempting to describe how their abstraction works.
Every OS already ships with tools for controlling users' access to memory, disk, CPU and network.
Nix is just another chef, ansible, cfengine, apt, pacman
Building one's own distro isn't hard anymore. If you want ultimate control, have a bot read and build the LFS documentation to your needs.
Nothing more powerful than the raw git log and source. Nix and everything else are layers of indirection we don't need
Not only is it composable, but it is generalizable. So yes there is also chef, ansible, apt, uv, nodeenv, etc... or there is just nix. It is able to be the "one tool" to rule them all, often with better reproducibility guarantees.
I almost switched back to Fedora Bazzite to get a working gamescope, but realized I can get HDR in sway and it's actually more stable than Valve's mess of gamescope. Even though I have to use the "--unsupported-gpu" flag, my Nvidia card works wonders in Sway, whereas gamescope gives me a blinking cursor and segfaults.
Not the greatest fan of python, but when I've got to run a python script, I do `nix-shell -p 'python3.withPackages (ps: [ps.requests])' --command 'python3 your-script.py'`. Note that there is one argument to -p and one argument to --command -- both are quoted. The argument to -p is a nix expression that will provide a python3 command, referring to a python3 with the requests package. The argument to --command is a bash script that will run python3 with the argument "your-script.py", i.e. it will run your-script.py with the python3 that has the requests package.
I think there are ways you can autoderive a python3 with specific packages from python dependency files, but I can't help you there. I do find AI to be reasonably helpful for answering questions like this: it just might sometimes require a bit of help that you want to understand the answer rather than receive a perfect packaged shell.nix file.
Do you have to figure this out? Sure, it's nice and "pure" if everything is configured through Nix but there is something to be said about being pragmatic. Personally, I just enabled nix-ld[0] and use uv to install and handle my Python versions and package dependencies. Much, much easier.
Easier and largely compatible with the rest of the world. Solving problems with "If we all switched to NixOS..." is a non-starter in most organizations.
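The nix-ld route described two comments up, as an added example (not the poster's own configuration). `programs.nix-ld.enable` and `programs.nix-ld.libraries` are the real NixOS options; the library list is an assumption and will vary with which native wheels you pull in.

```nix
# Added example: host-side NixOS configuration for running prebuilt
# Python toolchains (uv-managed CPython, wheels with native extensions)
# without packaging them through Nix. The library list is an assumption.
{ config, pkgs, ... }:

{
  programs.nix-ld.enable = true;

  # Prebuilt Linux binaries are linked against /lib64/ld-linux-x86-64.so.2,
  # a path that does not exist on a stock NixOS install. nix-ld installs a
  # stub loader at that path which resolves the libraries listed here, so
  # binaries downloaded by uv start instead of failing with "No such file".
  programs.nix-ld.libraries = with pkgs; [
    stdenv.cc.cc   # libstdc++, needed by most compiled extensions
    zlib
    openssl
  ];
}
```

Once this is applied, `uv python install` and `uv run` behave as they would on any other distro. When a particular wheel still fails to load, `ldd` on the offending `.so` names the missing library, which is what to append to the list; the failure mode is a missing shared object at start-up, not silent misbehaviour.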
My rule of thumb: keep a strict separation between my projects (which change constantly) and my operating system (which I set up once and periodically update). Any hard nix dependency inside the project is a failure of abstraction IMO. Collaborating with people on other operating systems isn't optional!
In practice this means using language-specific package management (uv, cargo, etc) and ignoring the nix way.
I don't like the framing of $96 that pops up with this topic.
There are so many reasons why the price point is completely irrelevant. Yet it frames it as if it were a similarly helpful option to FPV drones for the underdog nation - it's not, nor would it be if it were $9.60 or $0.96. This launcher has not even hit a PoC state - to mention the production cost of the prototype at this point is an extremely weak talking point - it means nothing.
Another ADHD guy here.
I haven't tried it, so I can't vouch for it to any degree of certainty, but maybe it's an option to have your main payment card in a sleeve inside your phone case?
Even if it works, it's only a drop in the bucket, but maybe that's enough if you consider the lack of NFC payment a major issue.
Thank you for pushing for an alternative to Android and Apple.
Really, that little? Don't feel even slightly embarrassed about your morals being so cheap? You'd hurt your neighbors and acquaintances for 20K a month?
Given you probably don't earn that today, say you got paid that now instead of whatever you earn, what would you spend that money on in reality?
Sure, but what about all the other aspects of your life, those contributing more to your happiness? Corrupted people have money as their top goal in life, everyone else is trying to live a good life once they have enough, but there seemingly is no "enough" for quite a large part of the population, and in some places of the world this obsession seems worse than in others.
Hate the game, not the players. Somebody is supposed to be regulating this stuff. If you're in a poor city or country having a shot at such compensation would be life changing for the whole family, not just you and game-theoretically someone else will take that job anyway, for similar reasons, too.
First of all we have to make up our minds. Do we need regulation or not? Many people cry from the top of their lungs for less regulation, and now are we saying "if it's so damaging why are we not regulating it?" This is double-distilled, barrel-aged hypocrisy at its finest. You can bottle it and sell it as a limited reserve single malt.
Changing your life for a single generation while setting every pillar of a civilized society, moral imperative and human values and everything related on fire is again a monumental example of shortsightedness.
Trying to beat your conscience with the bat of "if I didn't do it, somebody else would do the same" will only make your heart and soul ache more and more over the years.
I (and many others) would live a peaceful life trying their best to leave the world a little bit better than they found it rather than being a slave to the money they earn and nagged by their conscience because they betrayed the essence and foundation of humanity just for a few {thousand, million, billion, trillion} bucks.
I have rejected much more lucrative offers because I value my family, people I love and personal life more than a shiny car which will rust in two decades anyway.
So, I'll hate the game and the players while trying to make our world a better place. At least I'll die peacefully.
No, I'm sorry, but fuck that. I've been one of the players, and it's definitely possible to not play the game, especially when you see what's going on around you, and still live a perfectly fine life that is above the living standards of most others in your country, if you're working as a software engineer. And I'm saying this as someone who never came close to FAANG salaries yet was lucky enough to be paid enough to live better than I thought I'd ever do, but initially had a really shit living situation and have had to steal at one point to feed myself. I've had chances that could have meant I'd live a life of luxury earlier than what it ended up being, but I couldn't live with myself if I did those things, when I had anything resembling a choice.
There is almost always a choice, and "hate the game not the player" is such a bullshit excuse for people to just participate because everyone else is. It's spineless and the answer of a chicken who doesn't want to consider the consequences of their actions.
Anytime anything comes up, I do talk with them, thank you for asking. However, they're an ocean away from where the really bad stuff happens, where seemingly all people think about is how to maximize their salaries and then deploy their services for everyone else in the world to get addicted; my representatives can't do a lot about that except what they're already doing.
I would feel embarrassed, yes. But that's 5 times my current salary for a 'similar' position. I am not sure it'd be 5 times worse in terms of societal effect. And even if it were, I am not sure I would be 5 times as embarrassed, if we are considering a linear conversion rate.
What I am trying to say is that I am on your side - as of this moment it is incredibly unlikely that I would ever see this kind of money. That makes it an easy position to take in an online conversation. But I have seen decent people throw out morals for a 100th of what we are talking about.
Look, I don't want to work at any of those companies anyway. I am with you - I was trying to say that money can break most of us. I appreciate you being so farsighted by leaving such a position, but for many other people that would be unthinkable - and that does not make them monsters.
At this point I would be more worried about working for a US company, than which one exactly - (not totally serious of course, but also not entirely inaccurate)
I had no safety net and nearly became homeless after draining my savings helping a family member in the months after this happened. I come from a very poor background and have no family to rely on. I spent several years as a teenager and in my early 20s homeless, without parents or anyone to help me financially. I starved and was very ill.
I say this to make it clear that I didn't make this decision free of consequences, and it was unthinkable at the time for many from better backgrounds than I. I have experienced worse conditions than most of my peers ever will and my soul is still not for sale. There is no excuse. Selling heroin on a street corner is more ethical than what is going on at Google and Meta.
I did not mean to imply that you did not face any consequences. Sorry if that came across that way.
But my point stands. While I heavily disagree with almost everything Alphabet, Meta, Microsoft, etc. stand for, I cannot hold the developers in these companies to the same level of judgment as I would politicians, lobbyists, and managers.
You may compare selling heroin on the street to whatever stuff is going on at these companies, and I might agree or disagree. But the fact is — selling heroin on the street is illegal, while training a recommendation model is not. Quite the opposite. And the complacency and failure to put reins on this situation 15 years ago is a deep failure of our civilization. As long as we train people at university for these positions and pull them in with such incredibly high salaries, I can't not forgive them to a large degree. I do not forgive the policymakers that enable this madness, however.
I understand that's just moving the blame to a higher level — that's not the intention. It's a systemic failure, and it needs systemic change.
The user had more arguments than just "it's all politics". What level of scrutiny does his statement have to hold up to? Because as far as I am concerned this is not here to find scientific truths.
I don't know man. It's always the same debate: it's either "too much politics" or "no change at all" whenever this issue comes up, and the "nothing changed" crowd keeps on reminding everyone that C3 "was always like that". I'm not requesting a scientific study, but if you're this convinced that nothing changed despite many old school attendees chiming in to confirm the opposite, perhaps it would be helpful to compare old and new schedules.
I find it strange you didn't latch on to the original comment, which has the exact same problem you complained about, but reacted to the response. The best action is to ignore threads and sub-threads you don't care about and leave others who do to their fun.
I would hate to have a 40px title bar doing nothing except wasting space on my screen. I've been using this layout for years, and I didn't even consider that anyone could have an issue with this until I read your statement.
I'm not saying that you are wrong to disregard it due to your personal preferences, but please consider that this might not be such a horrible design as you make it out to be. Also, you can be certain that you are not the only sane person left - I think it's just that most of them don't show up on boards and forums.
The parent post is overly strongly worded, but I agree with the meat of it: tabs should not be in the title bar of the window. It's worse usability for a space savings that really isn't relevant because it's so small.
Just because it is not doing anything at the moment doesn't mean it doesn't serve an important, necessary purpose. For a windowed application environment to be functional and usable, there needs to be an easy way to drag windows around the screen. When you start moving things into that space, it makes the system harder to use.
A once-simple action which required minimal thought now requires you to parse an arbitrarily populated area of the screen and find a tiny gap within a litany of buttons and controls and carefully drag that part of the window. If you make a slight mistake and click on a tab or button, the unwanted activation of that control (e.g. switching to a new tab) serves to needlessly penalize the user.
This is not just an issue with web browsers now, but seemingly everywhere. It's been a big issue in the macOS Finder for a while now.
At the very least, Firefox still gives me the option to show the native window title bar, which I very much appreciate. It's certainly not the sexiest part of the UI, given the native element clashes a bit with FF's controls, but at least it's usable! This is an issue that could be solved by giving people a choice via a simple toggle... Most often, the option isn't there.
I'm sorry people have downvoted my post here a bit, and I agree it was a bit strongly worded, but I won't apologize for venting some frustration at what I see as the perpetuation of user-hostile design choices like this.
I love chatterbox, it's my favourite. While the generation speed is quick, I wonder what performance optimization I could try on my 3090 to improve throughput.
It's not quite enough for realtime.