1. 3

    Way to go Domen! I completely agree, the Nix ecosystem needs tools like Cachix to support Nix in production and at small companies. I’m delighted to see this released, and look forward to giving it a try this weekend!

    1. 22

      May I recommend putting in paragraph zero, “Use shellcheck, dummy!”?

      1. 3

        It’s in the readme. The linked document is meant as an addendum. I’ll think about it.

        Update: Added a preface.

      1. 7

        That’s interesting that the company behind it is CZ.NIC the owner/operator of the .cz domain name!

        1. 5

          And also the authors of Knot, the DNS services behind 1.1.1.1.

        1. 6
          1. 4

            Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo

          1. 8

            Interesting! Did you consider using expect to implement this? I’ve seen some pretty wild implementations using expect!

            1. 2

              I did not! I am not familiar with expect. How might it help?

              1. 10

                expect is a great program for driving interactive programs however you choose, check this out.

                Here is test.expect:

                spawn bash
                
                set timeout 1
                
                send "echo input1 | rev\n"
                expect {
                  "1tupni" {
                    puts "Got 1tupni!"
                  }
                  timeout {
                    puts "didn't get 1tupni soon enough..."
                    exit 1
                  }
                }
                
                
                send "echo input2 | rev\n"
                expect {
                  "2tupni" {
                    puts "Got 2tupni!"
                  }
                  timeout {
                    puts "didn't get 2tupni soon enough..."
                    exit 1
                  }
                }
                
                # Note I used `input3` here but look for `input4` 
                send "echo input3 | rev\n"
                expect {
                  "4tupni" {
                    puts "Got 4tupni!"
                  }
                  timeout {
                    puts "didn't get 4tupni soon enough..."
                    exit 1
                  }
                }
                
                exit 0
                

                And running it:

                Morbo> expect ./test.expect
                spawn bash
                echo input1 | rev
                
                [grahamc@Morbo:~/projects/student-programs]$ echo input1 | rev
                1tupni
                Got 1tupni!
                echo input2 | rev
                
                [grahamc@Morbo:~/projects/student-programs]$ echo input2 | rev
                2tupni
                Got 2tupni!
                echo input3 | rev
                
                [grahamc@Morbo:~/projects/student-programs]$ echo input3 | rev
                3tupni
                
                [grahamc@Morbo:~/projects/student-programs]$ didn't get 4tupni soon enough...
                Morbo> echo $?
                1
                
                1. 3

                  Whoa, that’s nuts. Good to know for the future, definitely!

                  1. 2

                    lots of languages have “expect” libraries, I had good results with a python one.

            1. 6

              Something I hope to be covered is text reflowing, where you can resize your terminal and have the text flow to the new size. I’ve found it difficult to find a minimal terminal like Terminator which also supports this feature.

              Something I can’t ever shake the feeling of, is that iTerm2 for macOS is the best terminal emulator, and consistently innovates and pushes the boundaries on what a terminal emulator can do … but without feeling bloated.

              1. 4

                FYI, terminator isn’t really “minimal.” In interface, sure, but it uses the heavy/featureful vte, notably used in gnome-terminal.

              1. 30

                Thanks for the write-up. A lot of hard work goes in to making lobste.rs run and we appreciate it a bunch.

                That prgmr’s owner is a reader and donated the hosting is great to hear. I have used prgmr in the past and have been very happy. Has anyone tried running NixOS on it? :)

                1. 7

                  First NixOS on prgmr, then Lobste.rs on NixOS! :)

                  1. 4

I haven’t received any reports of users running NixOS, but typically folks would only reach out to me if they were having a problem. You can certainly boot up a live rescue and run an install over the serial console. Depending on the distribution this either ‘just works’ or requires it be told the console is on the serial port.

                    1. 4

NixOS ISOs from their website do not enable the serial console by default, but building a custom ISO which does is easy enough. I did so a few days ago on Debian using nix to create a NixOS installer for my APU2:

git clone --branch 18.03 --depth=1 https://github.com/NixOS/nixpkgs.git nixpkgs
cat > serial-iso.nix <<EOF
{config, pkgs, ...}:
{
  imports = [
    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
    <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
  ];
  # put the kernel console on the first serial port so the installer is usable over serial
  boot.kernelParams = [ "console=ttyS0,115200n8" ];
}
EOF
# -I nixpkgs=... makes the <nixpkgs/...> imports above resolve to the clone rather than a channel
nix-build -A config.system.build.isoImage -I nixpkgs=nixpkgs -I nixos-config=serial-iso.nix nixpkgs/nixos/default.nix
                      
                    2. 1

                      I actually tried a few months ago, but gave up because I had thought I figured out it was impossible. Although, seeing the link that @alynpost just posted, I might give it another go when I have some free time.

                      1. 6

Some years ago, a friend taught me a simple trick which I used twice to install OpenBSD at providers where neither OpenBSD nor custom ISOs were directly supported: We would build or download a statically linked build of Qemu, boot the VPS into its rescue image and start Qemu with the actual hard disk of the VPS as disk and an ISO to boot from. That’s not too hard and works for pretty much everything where you got a rescue system with internet access. I guess it should work for NixOS too and maybe nix could even be used for the qemu build ;)

                        1. 3

                          If you want to give it a go and get stuck write support@prgmr.com and we’ll help you debug.

                          1. 2

                            Thanks! I really should have been less lazy and just asked for help last time.

                      1. 26

                        If you want to impress me, set up a system at your company that will reimage a box within 48 hours of someone logging in as root and/or doing something privileged with sudo (or its local equivalent). If you can do that and make it stick, it will keep randos from leaving experiments on boxes which persist for months (or years…) and make things unnecessarily interesting for others down the road.

Man, yes. At a previous company I set up the whole company using immutable deployments. Part of this was you could still log in and change stuff, but it marked the box as “tainted” and would terminate and replace it after 24hrs. This let you log in, fix a breakage and go back to bed … but made sure that “port it back to the config management tool” was the #1 task for the morning.

                        A second policy was no machine existed for more than 90 days.

                        These two policies instilled in us a hard-lined attitude of “if it isn’t managed, it isn’t real” and was resoundingly successful in pushing us to solid deployment mechanisms which worked and survived instances being replaced regularly.

                        I can’t recommend this approach enough. Thank you Rachel, for writing about this.

                        1. 8

                          A second policy was no machine existed for more than 90 days.

                          I’m curious how you managed the stateful machines (assuming you had some). I’m a DBA, and, well, I often find myself pointing out to our sysads that stateful stuff is just harder to manage (and maintain uptime) than stateless stuff. Did you just exercise the failover mechanism automatically? How did that work downstream?

                          1. 7

                            Great catch! Our MySQL database cluster was excluded from the rule because of the inherent challenges of making that work, however our caching and ElasticSearch clusters were not. Caching because it is a cache, ElasticSearch because its replication and failure handling is batteries-included. Note this was with a not enormous amount of data, if our data grew to $lots we would likely stop giving ES the same treatment.

                            We worked hard to architect our systems in such a way that data was not on random machines, but in very specific places.
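The two rules described above (replace a box 24 hours after anyone logs in as root or uses sudo; nothing lives past 90 days), together with the exemption for the stateful database cluster, as an added example that is not code from the thread. The syslog-style auth.log lines, host names, thresholds and the Host record are all assumptions.

```python
"""Added example: taint-and-replace policy checker (not from the original thread).

Rule 1: a host is "tainted" by a root login or any sudo command and is reimaged 24h later.
Rule 2: no host is kept for more than 90 days.
Exemption: hosts marked exempt (e.g. a database cluster) are never scheduled automatically.
Log format, host names and thresholds are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional
import re

TAINT_GRACE = timedelta(hours=24)   # assumed: how long a tainted box may live on
MAX_AGE = timedelta(days=90)        # assumed: hard lifetime cap for any box

# Constructed sample lines in the syslog layout sshd and sudo use (the year is not in the line).
SAMPLE_AUTH_LOG = """\
Mar  3 08:12:01 web-01 sshd[2211]: Accepted publickey for deploy from 10.0.0.5 port 50122 ssh2
Mar  3 08:15:44 web-01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx
Mar  3 09:01:10 web-02 sshd[3180]: Accepted publickey for deploy from 10.0.0.5 port 50123 ssh2
Mar  3 09:30:00 db-01 sshd[4100]: Accepted password for root from 10.0.0.9 port 50333 ssh2
Mar  4 11:00:02 api-01 sudo:   deploy : TTY=pts/1 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/vim /etc/hosts
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from")
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : .*COMMAND=")


def parse_ts(ts: str, year: int) -> datetime:
    """Turn 'Mar  3 08:15:44' into an aware UTC datetime; syslog omits the year so we supply it."""
    ts = " ".join(ts.split())  # collapse the padding syslog puts before single-digit days
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)


def taint_events(log_text: str, year: int = 2018) -> dict:
    """Return {host: time of the EARLIEST privileged activity seen in the log}.

    Privileged activity = an interactive ssh login as root, or any sudo command.
    Ordinary (non-root) logins are fine and do not taint a box.
    """
    tainted = {}
    for line in log_text.splitlines():
        m = SSHD_RE.match(line)
        if m and m["user"] != "root":
            continue                      # normal user login: allowed
        if not m:
            m = SUDO_RE.match(line)       # any sudo use counts, whatever the command
        if not m:
            continue
        when = parse_ts(m["ts"], year)
        host = m["host"]
        if host not in tainted or when < tainted[host]:
            tainted[host] = when          # the 24h clock starts at the first privileged action
    return tainted


@dataclass
class Host:
    name: str
    created: datetime
    exempt: bool = False   # stateful boxes the thread excluded from the rule


def hosts_to_reimage(hosts, tainted: dict, now: datetime) -> list:
    """Apply both policies and return sorted (host, reason) pairs that are due for replacement."""
    due = []
    for h in hosts:
        if h.exempt:
            continue
        t = tainted.get(h.name)
        if t is not None and now - t >= TAINT_GRACE:
            due.append((h.name, "tainted"))
        elif now - h.created >= MAX_AGE:
            due.append((h.name, "max-age"))
    return sorted(due)


# Constructed fleet and evaluation time used by the demo below.
UTC = timezone.utc
NOW = datetime(2018, 3, 4, 12, 0, tzinfo=UTC)
FLEET = [
    Host("web-01", datetime(2018, 1, 1, tzinfo=UTC)),
    Host("web-02", datetime(2017, 11, 15, tzinfo=UTC)),             # 109 days old, never touched
    Host("db-01", datetime(2018, 2, 1, tzinfo=UTC), exempt=True),   # root login, but exempt
    Host("api-01", datetime(2018, 3, 1, tzinfo=UTC)),               # sudo 1h ago: not yet due
    Host("cache-01", datetime(2018, 2, 20, tzinfo=UTC)),
]


def demo() -> list:
    """Run the policy over the constructed log and fleet."""
    return hosts_to_reimage(FLEET, taint_events(SAMPLE_AUTH_LOG), NOW)


if __name__ == "__main__":
    for name, reason in demo():
        print(f"reimage {name}: {reason}")
```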

                            1. 5

                              Ah, good, okay. That makes more sense.

                              Currently we’re in a private cloud, so nothing’s batteries-included. Plus we’re using a virtual storage system in a way that would make traditional replica/failover structures too expensive. The result is our production DB VMs go for a very long time between reboots, let alone rebuilds.

                              I agree, though, that isolation is a great way to limit that impact. Combine that with some decent data-purpose division (e.g. move the sessions out of the DB into a redis store that can be rebuilt, move the reporting data to a separate DB so we can flip between replicas during reboots, etc), and you can really cut down on the SPOFs.

                          2. 1

                            I’ve been in 2 different orgs where they reimaged the machine as soon as each user logged out!

                            1. 1

                              Aggressive! I wonder if there were escape hatches for emergencies?

                              1. 1

                                What sort of emergencies are you envisioning?

                          1. 7

                            I use NixOS as my main OS at home and I think it’s the best thing I’ve done for having a stable system. I was mucking around with some boot deps and messed something up and all I had to do to get back to a working system was choose one option up at the grub menu and I booted into my system as it was before I had made the change.

However there are a few things that I wish were better:

                            You pretty much need to put your nixos config into version control. While you can revert to a previous version of your system, it doesn’t actually save the previous version of your config, you need to manually revert before making any changes.

While versions of things are tracked explicitly and you can have multiple versions installed, nixpkgs generally doesn’t have multiple versions available to install/depend on (with the obvious exceptions of big things like py2/3). This means if you need a newer version of something and want to contribute back you have to update everything else that depends on your package’s (ie derivation’s) dependencies. That’s a pain. It also means that you can’t install old versions of things alongside new versions of things.

There’s also a lot to learn if you need something that’s not packaged already because there’s no way to run binaries not built explicitly for nixos. There’s not even any way to run flatpaks, snaps, or any of the others, but looking at nixpkgs there are people working on trying to make those work.

All that said, it’s still a better experience than any other distro I’ve used in the past. And I’ve never even tried to contribute to packages on any previous distro, so I’m not sure if it’s easier this way, but it’s a hell of a lot less intimidating for sure.

                            Also, I’m by no means an expert, take what I’ve said with a grain of salt, I’m sure there’s bound to be at least one thing I’ve said above that’s wrong just due to my inexperience.

                            And again, that’s mostly about NixOS, and not just Nix. I’m actually in the process of moving all the things I’ve installed via homebrew on my work laptop over to Nix after homebrew broke my system (twice) yet again when they mucked with the python 2/3 naming. I’m tired of dealing with it and have yet to have a serious issue with Nix on OSX. So, I can wholeheartedly suggest to everyone here to start playing around with Nix on an existing Linux or OSX system.

                            1. 5

It also means that you can’t install old versions of things alongside new versions of things.

                              Nothing prevents you from using different revisions of nixpkgs in different places, which would allow you to achieve this.

                              There’s also a lot to learn if you need something that’s not packaged already because there’s no way to run binaries not built explicitly for nixos.

                              This is not true, Nix has a buildFHSUserEnv function that creates a linux chroot where you can pretend you’re running a regular linux distro. @puffnfresh has a good post on using this here.

                              1. 5

                                Nothing prevents you from using different revisions of nixpkgs in different places, which would allow you to achieve this.

                                Huh, I can’t believe I never thought of that. I’ve even installed things from a local “fork” of nixpkgs and it never occurred to me that’s exactly what I was doing.

                                This is not true, Nix has a buildFHSUserEnv function that creates a linux chroot where you can pretend you’re running a regular linux distro. @puffnfresh has a good post on using this here.

                                That’s true. I guess I was inexact in what I wrote. You might not need to “package” something (as in contributing it to nixpkgs), but you still need to know enough about how things are “packaged” (as in writing any kind of derivation) so you can write a .nix file that wraps it in something that allows it to work. I really wish there was a pretend-to-not-be-nix ./rando-bin command that would handle 99% of binaries for when I just need to get something done. (Although I realize that’s asking a heck of a lot.)

Edit: Huh. I think that’s what you just linked. I should have read that all the way through before replying. Man, I’ve been looking for something like that for ages. I should complain about things on the internet more often.

                                1. 4

                                  At work we use a few different versions of nixpkgs. We want an old version of Docker, for example. So we import the exact commit of nixpkgs we want.

                                  pretend-to-not-be-nix ./rando-bin
                                  

                                  Is exactly what you get when using buildFHSUserEnv.

                                  1. 2

                                    I really wish there was a pretend-to-not-be-nix ./rando-bin command that would handle 99% of binaries for when I just need to get something done.

I think a lot of people find steam-run provides this command in most cases!

                              1. 3

                                This is great, but I’m not sure what problem they are addressing. My main problem with VPN services isn’t that I’d have to trust their software, because I’m not the only one running it. I have to trust their networks, their operators, their everything.

                                This might be an unpopular opinion, but I think I’m better off with HTTPS Everywhere (and Tor, when I want to be really anonymous).

                                1. 1

                                  and Tor, when I want to be really anonymous

                                  Of course that isn’t even a very good option unless you have extraordinary opsec hygiene.

                                  1. 1

                                    I’d say it’s relatively easy, depending on who you want to be anonymous to.

                                    But for a more general audience, I recommend checking the Tor documentation about the protection they provide. They also have great illustrations of how and where to expect privacy from whom. Also, use the Tor Browser Bundle. Other browsers will betray you :)

                                  2. 1

                                    I think a lot of their customers just don’t want to receive rude letters in the mail from their ISPs. I can attest that this service prevents such letters. …Assuming you remember to turn the VPN on, or use a VM/dedicated machine that always/only has it on.

                                  1. 13

                                    Mmmmh, an anonymous domain registration, an unknown “CTS” security research firm publishing only one whitepaper for all vulnerabilities. Whitepaper published on a secondary website “safefirmware.com”, that is otherwise broken.

                                    No exploit has been published, there is no peer review, no responsible disclosure to verify the findings.

                                    This smells like FUD. The SP is probably broken and vulnerable, yes. But this crap seems only aimed at selling security services.

                                    1. 4

                                      How does “responsible disclosure” verify findings?

                                      1. 1

                                        My phrasing was a bit misleading, but the whole “exploit being published, peer review, responsible disclosure” was what I was getting at to verify the findings. These publications have to be transparent, reproducible and verified by third parties to be taken seriously.

                                      2. 6

                                        No exploit has been published, there is no peer review, no responsible disclosure to verify the findings.

                                        This is bullshit. Here’s peer review.

                                        I’m astounded at just how strong the backlash against this is, and the backlash reeks of damage control propaganda.

                                        AMD PSP is a hardware backdoor. Intel ME is a hardware backdoor. These things shouldn’t exist in the first place, and I wouldn’t put it past AMD and Intel to spend $$ sending armies of trolls trying to cover up the severity of what they’ve done.

                                        1. 0

                                          Of course AMD PSP shouldn’t exist in the first place.

                                          But the backlash against this is simply due to “it” being a ridiculous hit-job. I don’t care about damage to AMD.

                                          This is bullshit. Here’s peer review.

                                          Nice, they did not link it on their website. My first guess will always be that there is none unless shown otherwise.

                                        2. 2

                                          Seems to be the consensus about this site on Reddit, HN, etc. Someone’s either trying to make a name for themselves or Intel paid someone who paid someone who paid someone who is good at marketing.

                                          1. 1

                                            and a big connection to

                                            the Israeli Intelligence Corps Unit 8200

                                          1. 2

                                            Suggested untagging distributed since it is using a centralized realtime service.

                                            1. [Comment removed by author]

                                              1. 10

                                                I think it’s usually because “that’s what work is buying me”.

                                                1. 10

                                                  Can anyone show me a laptop that doesn’t lose to a macbook in any of these categories?

                                                  • performance
                                                  • price
                                                  • form factor
                                                  • fit and finish
                                                  1. 5

                                                    I really like Lenovo X1 Carbon.

                                                    1. 2

                                                      Very happy with 5th gen x1c. If only I could get 16:10 though…

                                                    2. 5

                                                      Personally I like the Dell XPS 13 and 15. The 4K screens are really amazing to see in person. You can configure with an i7 processor, optional fingerprint reader, fast SSDs up to 1TB, up to 32GB RAM, touch/non-touch display options, up to 97Wh battery in the ~4.5lb model or 56Wh in the 4lb if you want to go lighter (benchmarks). For ports, it has an SD card slot, 2 USB-A 3.0 with PowerShare, 1 HDMI, and a Thunderbolt 3 (including power in/out).

                                                      I feel they compete in several of the categories and are worth checking out in person somewhere (Frys, etc) if you’re in the market. Just earlier today someone posted a link to this guy’s experience spending a year away from MacOS and he winds up with an XPS 15, which he mostly likes.

                                                      1. 8

                                                        Too many QA issues to compete with a MacBook. Just check /r/dell.

                                                        1. 8

                                                          Not a chancee, my favooritee part is the firmwware feature that douboles up my keypressese!

                                                      2. 2

I went from a 2011 macbook pro 15” to a thinkpad 460p running kubuntu, it’s not as flush as the macbook but it beats performance & price for me. Form factor, I should’ve got a 15” again but that’s my choice. Fit & finish on the macbook is better but then I can easily remove my battery and get to all the internals of the laptop, so I prefer the thinkpad.

                                                        1. 1

                                                          I can try, though I am not sure what “fit and finish” means or how to measure it.

Ignoring that, I would offer up either the Dell XPS 13 or the Lenovo X1 Carbon.
                                                          There are reasons to pick one over the other, but for me it was the X1 Carbon for having matte screen.

                                                          1. 1

                                                            Fit and finish covers build quality and aesthetics. According to this page it’s an automotive term.

                                                          2. 1

                                                            The new Huawei Matebook X?

                                                            1. 1

                                                              How about the ASUS ZenBook Pro? I don’t have experience with it, but superficially it’s got very similar form factor and design to a MacBook. Aluminum uni-body and all. And being not-Apple, you obviously get better performance for the price.

                                                              1. 1

                                                                Thinkpad P71. Well, except for the form factor (I’d rather get stronger arms than have to compromise on other factors), it beats the Macbook Pro on all fronts.

                                                              2. 5

                                                                I’ve run Linux on a Macbook because my employer wouldn’t give me anything else. Reason was: effort of IT team vs my effort of running Linux.

                                                                But pretty sure my effort was extensive compared to what their effort would have been :)

                                                                1. [Comment removed by author]

                                                                  1. 2

                                                                    Yeah, but then you’re stuck with the clunky old macOS rather than a nice modern UI like StumpWM, dwm or i3.

                                                                2. 4

                                                                  16:10 screen, wide-gamut display, correct ppi (X1C is too low, and the high-res Dells too high).

                                                                  The last ThinkPad (of which I have many) to have a 16:10 screen was T410, which is now 8 years old.

                                                                  Personally, there’s no other modern laptop I’d rather use, regardless of operating system. To me nothing is more important than a good and proper screen.

                                                                  If anybody comes up with a laptop that has a 4:3 screen, I’ll reconsider.

                                                                  1. 1

                                                                    Doesn’t the pixelbook have a nice tall aspect ratio? Ignoring linux compatibility and the fact that it’s a chromebook, I feel like you’d like the hardware.

                                                                    1. 2

                                                                      It does, but tragically it’s ruined by a glossy finish on the screen. I bought one for the aspect ratio and brightness but almost threw it out the window several times in frustration before giving it away.

                                                                  2. 2

                                                                    I don’t think many people buy new Apple hardware with the intention of immediately wiping it and installing Linux.

                                                                    My MBP, for example, is running OSX because I need it (or Windows) to use Capture One photo software. When I upgrade to a new machine I’m going to put Linux on the old one and use it for everything else. I did the same thing with my iMac years ago.

I personally still think the build quality of Apple laptops is better than the alternatives. The trackpad in my old MBP, for example, still feels better than the trackpads I’ve used on newer machines from other brands. The performance and specs are less important to me as long as it’s “fast enough” and the build is solid.

                                                                    All that said, I’m not buying any more Apple products because their software quality has completely gone down the toilet the last few years.

                                                                    1. 2

In this case I didn’t really have a choice. I had tried asking for a PC before I started this job; but they tried to get me in really fast and provisioned a Mac without even asking me. My boss made up some bullshit about how you have to have them for developers’ laptops as the PCs the company bought didn’t have the specs (16GB of ram and such). I’m really glad I got Linux booting on it and not have to use it in VMWare (which does limit your max ram to 12GB and doesn’t give you access to the logical HT cores).

But yea if it was my personal laptop, I wouldn’t even bother buying a mac to begin with. My recent HP had everything supported on it with the latest Ubuntu or on Gentoo with a stock kernel tree right out of the box.

                                                                      1. 1

                                                                        I got given a macbook so I had no choice what laptop to use so I installed linux on it and it works well enough.

                                                                      1. 22

                                                                        Ironically, the biggest thing that stops people from joining a Mastodon instance is the paradox of choice. If you want a Twitter account, there’s exactly one place to go and a newcomer has zero things to figure out before joining.

                                                                        If you want to join a Mastodon instance, you have to grok the distributed nature, figure out why some instances block other instances, which code of conduct you endorse (or pick an instance without one). All those choices create a higher barrier new users have to overcome to “get in”.

                                                                        1. 2

                                                                          Ironically, the biggest thing that stops people from joining a Mastodon instance is the paradox of choice.

                                                                          And network effects. I am not very active on Mastodon, since most friends and colleagues (computational linguistics, ML) are not on Mastodon.

                                                                          I also think that the default user interface, even though it is nice for advanced users, is not simple enough.

                                                                          1. 2

I think it largely depends on how your interests match the instance you join.

I was invited to join mastodon.social but I now realize that I mainly follow people from other instances.

Probably the fact that I’m mostly interested in software related matters (even if from a wide range of perspectives, including law and ethics) is what makes the local timeline pretty boring to me…

                                                                            Finding the right instance might not be simple.

Maybe a tag cloud representing the topics treated in the instance could help in the decision (together with the code of conduct obviously).

                                                                          2. 2

                                                                            I can see why you’d think this, but my experience has been that it really doesn’t matter, other than obvious stuff like not picking a fascist-friendly place. If you’re on a small instance then your local timeline will be quieter, but personally I found the majority of people to follow thru IRC or threads like this, so the local timeline didn’t really come into it.

                                                                            1. 1

                                                                              I have never depended heavily on the local or federated timeline for discoverability, but I joined during a wave of signups where lots of people I already knew on Twitter were already joining.

                                                                              I imagine that, if the one person you know on the fediverse is also the person who told you about it, and that person is also a newbie or has mostly different interests, the local timeline matters a lot more. (And, if you’re reasonably ‘normie’ – if your strong interests aren’t geared toward witchcraft, furry fandoms, communism, and the internal politics of the FSF – you might have a really hard time finding an instance geared toward you anyway.)

                                                                              I couldn’t be the one to do it, but I wonder if it would make sense to make a handful of sports-centric nodes. It would probably attract a lot of users.

                                                                            2. 1

                                                                              And so instead of taking the time to make informed choices, these users would rather delegate that responsibility to a corporation which then makes all sorts of important choices for them…

                                                                              1. 12

                                                                                I think it’s a bit flippant to say that they don’t make an informed choice. Some people really do prioritize their time over other things.

                                                                                1. 3

                                                                                  or they have no idea what advantages a decentralised system would provide, and completely overlook its existence

                                                                                  1. 5

                                                                                    or they don’t value the benefits the decentralised system provides, and consider the centralisation a pro.

                                                                            1. 3

                                                                              Nixpkgs / NixOS has run into this problem as well, with the same strictness of hash checking. We’ve instead developed tools to normalize the results from GitHub, and compare the hash after normalization, not prior. This works for us since the contents of the archive are what we care about, and not the implementation detail of the archiving process.
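The normalize-then-hash idea from the comment above, as an added illustration (not Nixpkgs’ own tooling): two constructed tarballs with identical contents but different member order, timestamps and gzip header get different raw hashes, while a hash over the sorted, extracted contents matches. Members are read from the stream rather than unpacked to disk, but the tar and gzip parsers still run on unverified input, which is the attack surface the thread goes on to discuss.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample "source tree" for the demo.
FILES = {
    "pkg/README": b"hello\n",
    "pkg/src/main.c": b"int main(void) { return 0; }\n",
}

def make_tarball(files, order, mtime, gz_mtime):
    """Build a .tar.gz in memory with a chosen member order, member mtime
    and gzip header mtime (the archiver details that change raw hashes)."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w") as tar:
        for name in order:
            data = files[name]
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = mtime
            tar.addfile(info, io.BytesIO(data))
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=gz_mtime) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

def raw_sha256(blob):
    """Hash of the archive bytes as downloaded (what a strict fetcher checks)."""
    return hashlib.sha256(blob).hexdigest()

def normalized_sha256(blob):
    """Hash of the archive *contents*: sorted path, exec bit and file bytes.
    Ignores member order, timestamps, owner fields and the gzip header."""
    entries = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in tar.getmembers():
            if m.isreg():
                entries.append((m.name, bool(m.mode & 0o111), tar.extractfile(m).read()))
            elif m.isdir():
                entries.append((m.name, False, b""))
    h = hashlib.sha256()
    for name, execbit, data in sorted(entries):
        h.update(f"{name}\0{'x' if execbit else '-'}\0{len(data)}\0".encode())
        h.update(data)
    return h.hexdigest()

if __name__ == "__main__":
    a = make_tarball(FILES, ["pkg/README", "pkg/src/main.c"], 0, 0)
    b = make_tarball(FILES, ["pkg/src/main.c", "pkg/README"], 1500000000, 1500000000)
    print("raw equal:", raw_sha256(a) == raw_sha256(b))
    print("normalized equal:", normalized_sha256(a) == normalized_sha256(b))
```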

                                                                              1. 2

                                                                                Does this mean archives are being extracted before they’re verified?

                                                                                1. 2

                                                                                  Yes

                                                                                  1. 2

                                                                                    This opens up an attack vector through your tar & compression implementations - a bug in them could lead to code execution via a maliciously crafted archive.

                                                                                    1. 3

                                                                                      Indeed. Only in specific cases are the archives extracted prior to verification, and GitHub is one of the few. However: Nix with sandboxing turned on (and everybody should have sandboxing turned on) will extract the contents in a very limited sandbox, with read access to limited paths, and write access to a single directory. The code could execute, but couldn’t do very much to the host itself. Other potential concerns involve access to a limited set of environment variables, and possibly the nscd socket. There is the chance of sandbox escapes and kernel vulnerabilities, yes, but we’ve found this to be an acceptable trade-off in the few cases we’ve needed it.

                                                                                      1. 2

                                                                                        I applaud sandboxing. However I believe we (as the general community of people packaging software for various OSes) should coordinate on fixing the root issue. Get people to upload release tarballs, stop them from silently moving tags etc. Many people are just not aware, asking them nicely may be enough to solve it - one by one. You won’t get all of them to switch, but many more will if approached - instead of working around the issue.

                                                                                        1. 3

                                                                                          I completely agree, and as a community we advocate for efforts in reproducible builds and good packaging practices. I’m sure we’ve asked people to make good releases in the past. I applaud OpenBSD’s efforts to push here as well.

                                                                                      2. 2

                                                                                        I mean, gunzip + untar is a lot less complicated than, say, TLS 1.2 + HTTP2 + gzip. Which we pass untrusted data through all the time.

                                                                                        Perhaps this fear is really an issue with the raw C implementation in gnutar.

                                                                                        1. 3

                                                                                          Reducing attack surface anywhere in the chain is valuable.

                                                                                1. 1

                                                                                  It turns out that Google, Facebook, Twitter and many others have needed a solution to this use case for many years now. They came up with Bazel, Buck, Pants and many others, respectively. So all we needed to do was add Haskell support to one of these existing solutions. We chose Google’s Bazel.

                                                                                  I wonder why they used Bazel. Buck supposedly already has Haskell support.

                                                                                  1. 3

                                                                                    A comment from my coworker:

                                                                                    We looked at Buck. Actually, the initial version of the Bazel rules was somewhat of a blind copy of what Buck was doing. It was the main contender alongside Bazel for a system we’d go with. The reasons we didn’t go for Buck are (that I can remember off the top of my head months later):

                                                                                    1. The rules are fairly limited. They don’t play nicely with Java, C, … as far as we could see. We spoke with Simon Marlow who is at Facebook using those rules for an experience report and some general advice and it obviously works for their use-case but I think we wanted a bit more.
                                                                                    2. To do anything to Buck rules (change, extend, add new ones), you have to change Buck itself. You then have to make sure all your users are using the right version. There’s nothing like Skylark which lets you add rules post-facto. In bazel you can stick the commit revision of rules you want in WORKSPACE and you’re good to go.
                                                                                    3. It didn’t work out of the box for me personally on NixOS. The buck daemon would not start. This made using Buck an awful experience for me. I would have to spend time making it work properly instead of working on the rules.
                                                                                    4. Bazel is a lot better documented. It leaves a lot to desire still I think but compared to Buck docs, it’s great.
                                                                                    5. General community around Bazel seems bigger. This probably follows from (2.). This was and continues to be extremely useful during development because very often we’ll go “oh, let’s look at what Go rules are doing for how to do XYZ”.
                                                                                    6. From what I remember, Buck actually does “dirty” builds. It builds Haskell then very carefully removes just enough temporary cruft to allow somewhat stable rebuilds that are still iterative. This makes partial rebuilds fast but makes rebuilds potentially fail. I don’t know if it happens in practice but it seemed somewhat unprincipled.

                                                                                    This was settled on a few months ago so I don’t remember the details and hopefully didn’t make anything up but don’t quote me on anything from here. Overall Bazel just seemed like a better basis for developing usable rules that we wanted.

                                                                                    1. 1

                                                                                      Thank you!

                                                                                  1. 24

                                                                                    This is incredible, and not just an everyday release! Nix 2.0 has been in progress for years now. I’m so proud of the Nix team: pulling together and getting it out the door. There are some wonderful patches here. The new (pre-release!) of the nix command looks nice, and I’m super excited to write about the new builtins.fetchGit support – solving a problem I think many people have struggled with.

                                                                                    I’m slightly disappointed we don’t have our “marketing ducks” in a row to coordinate some big blog post push or something, but hey – at least we got it out!

                                                                                    Also: Nix 2.0 will be the stable Nix on NixOS 18.03, which will also be coming out at the end of March!

                                                                                    1. 20

                                                                                      Regarding Nix’s growth, the community has doubled in size over the past two years and the binary cache sees a steady rise in use. Over the past six months I know of several people who were able to start working in Nix and NixOS roles full time – at least one of them focusing primarily on improving NixOS itself. From the inside, it feels there is a ton of growth going on, and we feel excited about what is to come over the next year.

                                                                                      1. 3

                                                                                        That’s great to hear! As a Nix and NixOS user, I find it to be incredibly useful software, and I very much want the community and ecosystem to continue to grow so that I can continue to use them. :)

                                                                                        1. 2

                                                                                          This is good. Nix is the first Unix derivative that I’ve felt has actually tried to solve the problems with mutable systems that have been accumulating for the past thirty years. I think a completely declarative configuration is so wonderful that I’ll even put up with the terrible Nix tooling and the suboptimal language.

                                                                                          1. 2

                                                                                            Hopefully some of the Nix 2.0 improvements (tagged today, though the UI is still in flux) will solve some of the terrible tooling issues.

                                                                                        1. 6

                                                                                          This gives me great confidence in my newly-registered-through-101domains nix.ci domain :(

                                                                                          1. 2

                                                                                            I think the part I’m missing is why use TCP if you don’t want its features?

                                                                                            1. 3

                                                                                              I’m imagining this in the context of websockets, where you are stuck with TCP only. But in that context, you can’t control the browser’s TCP stack making retransmit requests, and usually streaming is from a server to a browser… So I’m not quite sure how this can be applied. It is clever, though.

                                                                                              1. 2

                                                                                                Because that’s how the Internet is. TCP works pretty much every time, but UDP doesn’t.

                                                                                                Relevant presentation: http://dedis.cs.yale.edu/2009/tng/papers/pfldnet10-slides.pdf