this post was submitted on 06 Aug 2023
81 points (88.6% liked)

Asklemmy

[–] [email protected] 14 points 11 months ago (1 children)

It's a somewhat immutable distro, that is however fully configurable.

  1. The configuration is all in one place. No more changing a bunch of files in /etc, some in /lib, etc, and having to remember all files you've changed.
  2. You can easily recreate your system from your configuration or boot to older configuration.
  3. You can easily open shells with different programs available. Very useful for development, when you need a reproducible environment with the project's specific dependencies.
  4. Very hard to learn, but if you have learned it well, a lot of things become easier than in other distros.
[–] [email protected] -3 points 11 months ago (1 children)

> It's a somewhat immutable distro

NixOS is an immutable distro. Immutability is binary, it either is, or it isn't.

[–] [email protected] 3 points 11 months ago (1 children)

/nix/store is immutable. But there are some files in other places like /etc and /var that are mutable. Also I (or a malicious executable) could, in theory, delete store symlinks and replace them with mutable files. Impermanence helps, but you'll still want some mutable state.

Fully immutable systems have everything outside of /home read-only. NixOS is not one of them.
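
The comment above notes that store symlinks can be replaced with mutable files; that condition can be checked for. An added example (not part of the original comment): a Python audit that lists entries under a directory such as /etc that are regular files, dangling symlinks, or symlinks resolving outside /nix/store. The names `audit_tree` and `demo` and the temporary tree are constructed for illustration.

```python
import os
import tempfile


def audit_tree(root, store="/nix/store"):
    """Map each entry under root that is not backed by the store to a reason."""
    store_real = os.path.realpath(store)
    findings = {}
    # followlinks=False: symlinked directories are reported, never descended into.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path):
                target = os.path.realpath(path)
                if not os.path.exists(target):
                    findings[rel] = "dangling symlink"
                elif os.path.commonpath([store_real, target]) != store_real:
                    findings[rel] = "symlink resolves outside the store"
            elif os.path.isfile(path):
                findings[rel] = "regular file (mutable)"
    return findings


def demo():
    """Run the audit on a constructed tree that imitates /etc and /nix/store."""
    with tempfile.TemporaryDirectory() as tmp:
        store = os.path.join(tmp, "nix", "store")
        pkg = os.path.join(store, "example-etc")  # constructed store path
        etc = os.path.join(tmp, "etc")
        run = os.path.join(tmp, "run")
        for d in (pkg, etc, run):
            os.makedirs(d)
        for f in (os.path.join(pkg, "hosts"), os.path.join(run, "resolv.conf"),
                  os.path.join(etc, "profile")):  # profile: link replaced by a file
            with open(f, "w") as fh:
                fh.write("constructed sample\n")
        os.symlink(os.path.join(pkg, "hosts"), os.path.join(etc, "hosts"))
        os.symlink(os.path.join(run, "resolv.conf"), os.path.join(etc, "resolv.conf"))
        os.symlink(os.path.join(pkg, "missing"), os.path.join(etc, "stale"))
        return audit_tree(etc, store)


if __name__ == "__main__":
    for rel, reason in sorted(audit_tree("/etc").items()):
        print(f"{reason}: {rel}")
```

On a real system the output also includes legitimately mutable state, so it is most useful diffed against a listing taken from a known-good boot.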

[–] [email protected] 1 points 11 months ago (1 children)

I see.

I don't really get the malicious software point though. All immutable distros have a mechanism for changing, after all they need to be updated. If a malicious executable has root access, which is what you need to change symlinks on NixOS (I know services often get their own user, but unless modified, only root has access to those users), then these malicious executables could also leverage whatever mechanism for change other immutable distros have, to do malicious things, no?

Though I do agree with you, now, that NixOS isn't immutable.

[–] [email protected] 1 points 11 months ago (1 children)

There are ways to secure the update process. For example, you can enable secure boot and store your secure boot keys encrypted (or on a smart card). Then (if a full chain of trust is implemented) to update your system, you'd need to enter the private key password (or insert the smart card), and a root-access executable couldn't do that automatically.

[–] [email protected] 1 points 11 months ago (1 children)

Yeah, but do other distros do this though? Not that I'm aware.

And surely the same could be done to NixOS, no?

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago)

I think it can in theory, but there will be some problems. But most likely Silverblue or something else would have its own problems trying to implement something like that - I don't have any experience with them and don't know how they'd compare.