Mobile NixOS: The Present and the Future (dionne-riel.com)
97 points by buovjaga 11 months ago | 47 comments


I think Nix and NixOS is the best thing that happened to the Linux ecosystem in the last ten years. Good that it spreads to mobile.

It's older than 10 years, but yes, NixOS is one of the best things that's happened. Another awesome thing that happened at around the same time is Archlinux. Both the distro and its Wiki are great.

They are my 2 favorite distros, as I think they fill in 2 obvious local maxima in the design space: i) an imperative system with binary packages that tracks upstream as closely as possible (Arch) and ii) a functional/declarative distro (Nix).

I'd like to try it but to be honest I'm a bit too lazy to go through with the current install process. If they were to adopt the calamares installer though, or develop their own graphical install, I'd love to give it a try. Same with Void.

While it would be possible to do that... to be quite honest, if the current install process is enough to drive you away then you'd have a horrible time using it.

NixOS is definitely the perfect OS for fiddlers. Practically nothing is usable without at least some minor tweaks, but once you've tweaked it you won't later lose those tweaks. For anyone who stopped enjoying that after redoing the same config for the fifth time, it's great.

In my opinion that would only be useful to help with creating partitions and file systems. The rest of the install process is basically creating your system configuration (and there's a helper tool for that), and a single command to perform the install.

What do you think a graphical installer should do for the user?

I think maybe a wizard would help?

Like, you choose the type of the PC and then it takes you through some steps to get the right config and packages going.

I can't remember what the install process of NixOS is like, but I just wanted to say that I absolutely love Archlinux's installation process. The live-cd just drops you in a command line with an ~/install.txt file explaining the steps you have to do to install the distro. It quickly educates you what a distro installation consists of, instead of just hiding everything behind a wizard. If I ever want to change anything I set during installation, I don't need to re-install like I would have thought before, I just need to redo whatever step involves the thing I want to change. It also quickly enables you to do a greater breadth of configurations by being exposed to the tools that perform the various steps and their configurations. That's instead of being limited to the options presented in a wizard.

IIRC the install process of NixOS is pretty similar, at least for the non-GUI ISOs. `pacstrap` becomes `nixos-install` and `genfstab` becomes `nixos-generate-config`.

> Any device not allowing that is, simply put, not respecting the intelligence of the user.

This is kind of a silly absolutist opinion. Sure, you should have an option to have a completely open mobile OS... but to say that any OS with other priorities than complete “openness” is disrespectful is to throw literally every other consideration to the wind. I mean... really, what about security?

Ideologues tend to forget about reality, sometimes, it seems. Verified app stores, for example, are about providing security to the end user, not about disrespecting the end user.

I can’t help but feel like ideologically driven projects like this often almost immediately discredit themselves with crap like this. Their software comes off as about making some statement, not providing something great, novel, and beneficial to people.

Um.... he's not saying OSes with other priorities are disrespectful. He's saying that devices that are designed to make it difficult for their owners to install their own software on it (sometimes going so far as to attempt to make it illegal) are being disrespectful to their purchasers.

How do you reconcile that when it's very likely allowing even a small population of "owners" to install unverified software ends up directly harming the majority of the other "owners"?

I'm not sure why you put scare quotes around the word "owner". Personally, I'd like to know what "harm" you think is inflicted by, say, the presence of a hardware jumper.

Also, in case you didn't know, there's been a lot of thought and effort expended over the decades about the philosophy, morals and implementation of ownership with regards to hardware and software. I recommend starting with a resource like http://www.gnu.org/philosophy

Let's put it this way then: what's the harm in the Raspberry Pi to allow SSH right out of the box? That's up to the owner right? I shouldn't have to configure it, it should just work. Except people who aren't Linux or security experts leave it with the default config and the system quickly gets absorbed into a botnet that negatively impacts everyone else on the Internet.

You can't think of anything connected to the Internet as completely "owned" by any one person. The Internet is a hivemind of machines and humans, and every single person has the ability to impact many other people. Even unintentionally, even unknowingly.

If we want complete personal ownership of every device in our possession, I'm all for it. But that would require every person who owns a device connected to the Internet to take full personal responsibility for anything that happens on/from their device that negatively impacts others. Would you be okay with me suing you personally because one of your devices got infected with malware and slowed down my home Internet connection? Would you be okay with me suing your grandmother?

There is hardware and software out there for people who can handle that responsibility. The majority of Internet users can't handle it, though. That's why the majority of Internet-connected devices don't allow people to meddle with things they can't understand.

The GNU philosophy is a great ideal to strive for, but like with most ideals it doesn't handle reality very gracefully. With complete ownership comes complete responsibility, and very few people are ready to take complete responsibility for what their Internet-connected device does.

Secure by default is smart, as is designing for the lowest common denominator. I do not fault the likes of Apple, Google, etc for that. However, what I do fault them for is not offering documentation to enable sufficiently technical owners to exercise their rights of private property and full ownership over the hardware they have bought.

You are very extremist in your position. You can have extremely safe configs by default, then give an escape from jail to power users like Chromebooks have done, or other devices that give you the option to install a different OS. Is your grandma formatting her PC and installing Linux? If yes, great, but probably she is not, and she will also not flash her iOS device with a different firmware either.

Richard Stallman is very extreme in his position. I’m just stating the reason why the status quo is a good thing. Agreeing with the way things currently exist is not an extreme position.

> Would you be okay with me suing you personally because one of your devices got infected with malware and slowed down my home Internet connection? Would you be okay with me suing your grandmother?

That's definitely not the status quo, it's also a pretty extreme position.

Of course not, that's the bleak alternate reality. The status quo is "you don't actually own your device". Apple or Google finds malware in an app and they remove it from your device automatically. That's the status quo. The status quo is if you get malware on your PC and it negatively impacts other people on the Internet, nothing happens and you're not punished for it so others suffer from your lack of ownership. That's the status quo.

The statement you quoted is what would happen if everyone were to actually completely own their own Internet-connected devices and took full responsibility for them. It's not a comforting idea. People like to throw around words like "ownership" but shy away when related words like "responsibility" show up.

I'm personally liable for the damage my car causes, because I own my car. I'm not personally liable for the damage my computer causes. Do people actually want to be? That's what ownership means.

Cars are required to implement safety standards. You're not taking full responsibility for your car, the company you bought it from is responsible for selling a product that's safe.

If you modify your car to be unsafe, then you're responsible.

People can own their phones/computers, they can be allowed to disable safety features, while still holding companies responsible for implementing a safe product.

It should be entirely possible to completely own your car/phone/whatever while still largely holding the company responsible for the users safety.

It is super extreme; you basically say that ownership of an item is incompatible with safety. By this logic you will not really own the future Apple car, because your grandma can't change her tires, so nobody should change the tires other than an Apple-approved person. "do you want some random guy changing a tire and not screwing it correctly, there will be a PR nightmare for Apple...." <- this is what I expect as a response

> ownership of an item is incompatible with safety

No, but close. Lack of responsibility is incompatible with ownership. You can own something that's potentially unsafe (cars, guns, pets, fireworks, etc) as long as you're responsible for the damage they may cause.

Hypothetical Apple car aside, cars are a great example of ownership and personal responsibility. If I change my tire incorrectly and it causes my car to damage another person's property, yes I am 100% liable for that damage. That's why we have car insurance, to cover that liability.

If I administer my computer incorrectly and it gets infected causing damage to other Internet-connected devices, where's my liability? I have none. What damages do I pay to other Internet users? None. How do I get paid damages from the person who infected me? I can't.

The point is you can't talk about ownership without talking about responsibility. If you can't be held responsible for what your device does, you don't own it.

This is not true at all. I can own a car and my car can explode because someone put a bomb in it; I am not responsible. Ownership is not equal to responsibility. The guy that put the bomb is responsible; in the computer case, the guys that made the botnet are responsible for the damages.

About cars, your favorite example: if the car brakes are broken because of the manufacturer, it is not my fault as an owner that I was sold a broken car. So for computers you may need some regulations when the OS and app developers are responsible, and not the current state, the "this software can kill your cat, we are not responsible" thing you see in the EULAs.

You can have your computers and smartphone designed for grandmas and that is fine, many people would like this grandma proof hardware. I don't like the extremist arguments you bring to prove your points, defend Apple and ignore valid issues brought to your broken analogies.

> Also, in case you didn't know, there's been a lot of thought and effort expended over the decades about the philosophy, morals and implementation of ownership with regards to hardware and software. I recommend starting with a resource like http://www.gnu.org/philosophy

I'm very aware.

Also, in case you didn't know, to imply morality or correctness of a philosophy simply because some n individuals spent y time thinking about it is a logical fallacy.

The GNU philosophy is great when you want to wax poetic about a technological utopia, but it simply falls flat when you try to apply it in reality.

In the modern, interconnected world, it is technically trivial to compromise and marshal many thousands of devices to use in co-ordinated attacks. I simply do not trust other users, regardless of their technical aptitude, to maintain a secure posture, and they have no obligation or responsibility (outside of a tenuous at best philosophical stance) to do so.

I trust companies like Apple to utilize their economies of scale and collective engineering acumen to deliver a safer UX far more than I do their individual users in a freer ecosystem.

One could argue there is already a "live" experiment with a more open mobile ecosystem. Android is far more lax than Apple's walled garden, and this is my shocked face that it is rife with malware.

I understand there is some small fraction of the population that will cry foul at whatever egregious transgression Cupertino commits against the utopic vision of our lord RMS, but at the end of the day most of us have other things to do with our time and want to know, generally speaking, we're protected against all the other idiots.

> Verified app stores, for example, are about providing security to the end user, not about disrespecting the end user.

Everything a company does is for the bottom line.

App stores are there for lock-in, and for taking a percent of the sale.

The security features are a (fortunate) side effect: the company uses it as selling point.

> Verified app stores, for example, are about providing security to the end user, not about disrespecting the end user.

They quite literally cannot do that. It's security theatre.

In the end both kinds of systems are necessary: Locked-down with trust managed by an authority for less tech-savvy users (or users who do not want to manage their own security and are okay with the drawbacks) and open systems with the responsibilities put into the user's hands.


I am thinking of making Sciter Engine as a chrome for mobile devices. So mobile UI can be defined in terms of HTML/CSS with code-behind-UI written in C/C++ or script.

Conceptually that would be close to FirefoxOS but more inclined into native side. Or at least will have more flexibility in this respect.

Is it interesting at all?

Definitely of interest. Also of interest would be using Sciter for embedded (but not mobile) apps. It's a natural fit for certain markets.

Are you still considering open sourcing Sciter? I personally hope so - but also know how much is involved in going down that path.

"would be using Sciter for embedded apps" that is not a problem already. E.g. it runs on ARMs like Raspberry Pi. SDK contains binaries that use GTK but it is possible to run it without any window manager. Access to FB or video memory is enough.

As of OpenSource, yes I have plans for that. The only problem is that OS is a great responsibility, at least for me. It is going to be a significant effort to document source code, etc. I am actively looking for sponsors for the effort.

re: embedded - I thought as much - I think it likely just needs some use cases and marketing to drive adoptions.

Regarding Open source / sponsorship / support: - Andrew I will follow up directly via email over weekend.


How can I reach out to you?

I would love to have deduplication on OS on mobile; it is a horror to go back to previous state.

Do you plan on allowing other projects such as AOSP forks, UT, Sailfish, postmarketOS to work on top of Mobile NixOS? So a project like Mer was?

[Edit: To answer my own question: GitHub page says it's heavily based on postmarketOS]

I'm just waiting for them to solve the problem of the package manager taking multiple gigabytes of memory to run. My last experience with it involved a lot of "unable to fork: Cannot allocate memory". It's insane that a package manager would even exceed even 100mb of memory usage, let alone run into multiple gigabytes. No way there's that much information to manage.

That's actually just a command line infelicity; the advice to use `nix-env -i foobar` is really misguided, and you can avoid excessive memory usage by doing `nix-env -iA nixos.foobar` (or `nixpkgs.foobar` if you are using it on a non-NixOS machine). The difference is that in the former case, `foobar` is a regular expression that is being matched against the `name` field of every package in nixpkgs, whereas in the latter case, `foobar` is an attribute path that is used to traverse the nested Nix objects that make up nixpkgs. Since Nix is lazy, the former results in evaluating a LOT of stuff, whereas the latter does not.
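The difference described in the comment above, as an added Python model (not part of the original comment and not Nix's own code): a constructed package set of lazy thunks, where matching by name forces every package and an attribute-path lookup forces one. The channel layout, package names and helper names are assumptions made for illustration.

```python
import re


class Thunk:
    """A lazily evaluated value: the function runs once, on first force()."""
    forced = 0  # class-wide count of evaluations actually performed

    def __init__(self, fn):
        self._fn, self._done, self._val = fn, False, None

    def force(self):
        if not self._done:
            self._val = self._fn()
            self._done = True
            Thunk.forced += 1
        return self._val


def make_channel(n=1000):
    """Constructed sample: {"nixos": {attr: Thunk -> {"name": "<attr>-1.0"}}}."""
    attrs = [f"pkg{i}" for i in range(n)] + ["foobar"]
    return {"nixos": {a: Thunk(lambda a=a: {"name": f"{a}-1.0"}) for a in attrs}}


def install_by_name(channel, pattern):
    """Model of `nix-env -i PATTERN`: the name is only known after evaluation,
    so every package thunk has to be forced before the regex can be applied."""
    rx = re.compile(pattern)
    hits = []
    for pkgs in channel.values():
        for attr, thunk in pkgs.items():
            base = thunk.force()["name"].rsplit("-", 1)[0]  # drop the version
            if rx.fullmatch(base):
                hits.append(attr)
    return hits


def install_by_attr(channel, path):
    """Model of `nix-env -iA nixos.foobar`: follow the attribute path and
    force only the thunk it ends at."""
    node = channel
    for part in path.split("."):
        node = node[part]
    return node.force()["name"]


def count_forced(fn, channel, arg):
    """Run fn on a channel and report (result, number of thunks evaluated)."""
    Thunk.forced = 0
    return fn(channel, arg), Thunk.forced


if __name__ == "__main__":
    print(count_forced(install_by_name, make_channel(), "foobar"))
    print(count_forced(install_by_attr, make_channel(), "nixos.foobar"))
```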

Even if it were evaluating the entire library of Congress, there's no valid reason for it to consume gigabytes of memory. I really can't understand why this is so...

That's because it isn't a package manager, it's an interpreted programming language. The package management requires running a huge program in that language.

Of course knowing why it happens didn't make it less frustrating, but it's hard to fix. What you can do is build your system remotely, on a more capable machine, perhaps with `nixos-rebuild --target-host`.

(That's a shell script, and fairly readable.)

To me this sounds absolutely insane. Package managers that work in a couple of megabytes of ram is a solved problem. How can this be unsolvable?

It's not really the package-building process that takes tons of RAM. It's the OS-building process, where it pulls everything necessary to describe the current state of your machine into RAM, simultaneously.

This typically means several hundred packages at least, plus a lot of code that's not as easily classifiable as "packages". The config file generators are written in the same language.

Other operating systems punt on the challenge; there's no equivalent in e.g. Debian.

I get that, but it ran out of ram on a machine with 2gb of ram. Even if there were 10 million things to keep track of, that's 200 bytes per thing!

If we're talking about a file system with 100,000 files, that's 20 kb of metadata per file. Actually, more than that because it exhausted the ram.

Those numbers just don't add up.

Are you thinking regular NixOS with kde or more like notOS + sway?

I think regular NixOS.

What's 'notOS'?

It would be nice if I could use NixOS through Termux on Android.

Very excited to use this and buy a librem 5 for it.
