
Yann Büchau :nixos:

:nixos: and do HaaS: Hard-coding as a Service.

You tell it what you want your system to look like and it hard-codes the sh*t out of it.

This comes with all the benefits of hard-coding: Your environment, your PATH, manually installed software, etc. don't interfere with your base system at all. Every program and service sees exactly the dependencies and configurations they were given. The amount of power this gives for servers/embedded/purpose-built machines cannot be overstated!

But of course hard-coding has its downsides.

Want to use that dynamic plugin system for a service or program? nah, you gotta let nix hard-code it for you.

Your app remembers absolute paths for file associations? They break on every update.

Want to use precompiled binaries that expect dynamic libraries to be present at standard paths? Nope, you gotta jump through hoops here.

But overall - for me and my use cases - the upsides compensate these downsides massively.

@nobodyinperson In theory this even gives a performance boost for loading dynamic libraries. In practice I think it doesn't yet.

@pmidden @nobodyinperson Counterintuitively, it actually negatively affect(s|ed) loading times for dynamic libraries, at least in a naive implementation. There is a good blog post from @civodul about the issue and what they did to fix it; I don't know if and how the issue has been addressed in nix though: guix.gnu.org/blog/2021/taming-

guix.gnu.org · Taming the ‘stat’ storm with a loader cache — 2021 — Blog — GNU Guix

@matrss @nobodyinperson ah, yes, I think I remember reading about that. So, any guru care to share if that's implemented as well?

@pmidden @matrss @nobodyinperson

I'm no nix "guru", but I did find this discourse thread from 2022 which indicates it was not solved then (and given the leadership mess, I suspect not solved now?): discourse.nixos.org/t/making-r

NixOS Discourse · Making RUNPATH redundant for Nix
Farid Zakaria’s Blog · Speeding up ELF relocations for store-based systems
Since the introduction of Nix and similar store-based systems such as Guix or Spack, I have been fascinated about finding improvements that take advantage of the new paradigms they introduce. Linux distributions are traditionally dynamic in nature, with shared libraries and executables being linked at runtime. Store-based systems, however, are static in nature, with all dependencies being resolved at build time. This determinism allows for not only reproducibility but also the ability to optimize various aspects of our toolchain. Work that I have written about previously shows that there are worthwhile speedups that can be gained. While previously I focused on improving the stat storm that occurs when resolving dependencies, I have recently been looking at speeding up the ELF relocations that occur when executing a program. You can check out my publication Mapping Out the HPC Dependency Chaos about the development of shrinkwrap if you are interested in the topic. Extending the idea further, I have been looking at how we can optimize the ELF relocations that occur when executing a program. In this post, I will discuss the basics of ELF relocations and symbol resolution and how we can optimize these processes for store-based systems.

@nobodyinperson this also allows some unique security features to be enabled: xeiaso.net/blog/paranoid-nixos

Mainly:
- Rip Out sudo
- Rip Out Default Packages
- Mark All Partitions but /nix/store as noexec

xeiaso.net · Paranoid NixOS Setup · Xe Iaso's personal website.
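As an added example (not code from the thread or from the linked post), a POSIX shell check for the third item above: it reads a mount table in /proc/mounts format and reports every filesystem mounted without noexec, exempting /nix/store, which has to stay executable. The mount table below is constructed sample data; the `$1` argument and the allow list are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a /proc/mounts-format table for filesystems that are
# not mounted noexec, exempting the Nix store. Sample data below is constructed.

# Mount points that legitimately need exec (assumption: only the Nix store).
EXEC_ALLOWED="/nix/store"

# Print, one per line, each mount point whose options lack noexec and which is
# not on the allow list. $1 is a file in /proc/mounts format:
#   device mountpoint fstype options dump pass
missing_noexec() {
    awk -v allowed="$EXEC_ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            mp = $2; opts = "," $4 ","        # wrap so ",noexec," matches exactly
            if (mp in ok) next
            if (opts !~ /,noexec,/) print mp
        }
    ' "$1"
}

# Constructed sample mount table: / and /tmp are missing noexec, /nix/store
# is exempt, /home and /boot are already hardened.
SAMPLE_MOUNTS=$(mktemp)
trap 'rm -f "$SAMPLE_MOUNTS"' EXIT
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda2 /nix/store ext4 ro,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,size=4194304k 0 0
/dev/sda1 /boot vfat rw,noexec,nosuid,nodev 0 0
EOF

# On a live system run: missing_noexec /proc/mounts
missing_noexec "$SAMPLE_MOUNTS"
```

An empty result means every mount except /nix/store carries noexec; each printed path is a mount that still allows executing files placed on it.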