Everyone should use what suits them best. My negative opinion on snaps doesn’t mean Ubuntu shouldn’t ship it or that users shouldn’t use it. It’s Canonical’s distribution, they can put into it whatever they want for all I care, and if users are happy with it, good for them. But I can still criticize it for perceived issues. (Edit: kind of a straw man since nobody said I couldn’t, I just wanted to stress that I’m not authoritative on the matter)

But I understand that Ubuntu isn’t for you if you want to avoid snaps.

I used Ubuntu in the past, from I think 2004 or maybe 2005 to 2008, but switched away because of other issues that I don’t remember anymore, but I do remember upgrades between major versions were always pain with an Nvidia card (this was before AMD or in the beginning even ATI cards were well-usable under Linux) and I honestly just prefer rolling release nowadays. But snaps are just not at all compelling anyways.

All that follows is my personal opinion, but for ease of writing, I’m gonna present it as facts.

Once you have grasped the advantage that Nix offers, all the fundamentally different solutions just seem s o inferior. When I first tried NixOS on a decommissioned notebook, the concept immediately made sense. Granted, I didn’t understand the language features very well – I mostly used it for static configuration with most stuff just written verbatim in configuration.nix, though I did use flakes very early on because of Lanzaboote. But just the fact that you had a central configuration in a single language that was able to cross-reference itself across different parts of the system absolutely blew me out of the water. I was a very happy and content Arch user, even proficient enough to run my own online repository that built from a clean chroot for AUR packages (if you use Arch with AUR packages on multiple systems, check out the awesome aurutils!), but after seeing the power of NixOS in action, I switched over all my machines as soon as I could - desktop, virtual servers (thanks nixos-anywhere!), main notebook and NAS.

People often praise the BSDs for their integrated approach – NixOS manages to bring that approach to Linux. Apart from GUIX System that I never tried because Secure Boot was a requirement when I last looked at other distributions, none of them have tackled the problem that NixOS solves, and it’s not even certain if they actually understand it. Conceptually, it plays on a whole different level. No more unrecoverable systems, even with broken kernels – just boot the previous configuration. Want to try changes without any commitment? nixos-rebuild test got you. Need an app quick? nix shell nixpkgs#app it is.

Plus the ecosystem is just fantastic. The aforementioned nixos-anywhere really helps with remote provisioning, using disko to declaratively setup filesystems and mounts, you have devenv which is a really good solution for development environments, both regarding reproducibility and features, and many more that I can’t mention here. There is nothing comparable, and the possibilities are unlike in any other ecosystem.

It’s not perfect for sure though, and documentation is sparse. The language concepts which allow one to “unlock” the most powerful features are different from what most people know.

I was lucky enough to have some downtime at work to get into the system a bit deeper (this was still for work though, just not my core skillset) by implementing a “framework” for our needs which forced me to not just copy and paste stuff, though I definitely did get inspired from other solutions, but to actually better understand the module system (I think?), thinking in attribute sets, writing your own actual modules, function library and so on. But in the end, it was definitely worth it, and I’m unaware of any other system that would allow what Nix and NixOS allowed me to build.

I don’t like snaps because it’s just another Canonical NIH thing. Everyone else agreed on flatpak which seems to have a good design with portals and all and being fully open.

On the other hand, you have snaps, which is being controlled by Canonical as the server component is l non-public. The packages sometimes work worse than normal debs and the flatpak version (steam being a notable example IIRC).

There is 0 motivation for me as a user to look into that. They have solved the problem in one of the worst ways possible. Even Mint, which is Ubuntu’s biggest downstream, has opted against including it by default.

In addition to all of that, Canonical also installs applications as snap when using the apt\£* command line tools.

So you have a system that is

• proprietary
• worse than the alternatives
• pushed on users even through unexpected channels

Ubuntu’s mission was always to build bridges between the user and tech and businesses that the gnu side of Linux wouldn’t.

Which bridge did they build with snaps?

It’s a good just works distro that has spawned a ton of just works distros

Which in turn have removed snaps by default and replaced the affected packages with native ones because it often didn’t “just work”

Yeah, but if I’m not mistaken not because they’re the same architecture, but because each WiiU had full Wii hardware inside it, so it was actually two consoles. The Wii was actually just a faster GameCube.

NixOS […] some packages are kinda old

Fair

that server will be going back to debian next summer.

I don’t think that will solve the “some packages are kinda old” issue.

Welcome to Lemmy!

Unfortunately, I think most of the users here have no insight into every day Chinese life - myself included… in fact if not from your post, I would have had no idea this is a thing.

Anyhow, this is disgusting behavior, and I can’t really rationalize it.

Though for a lot of people, the source of grievance is pretty abstract. They could be victims of the system, and taking it revenge in that is difficult.

A secret police is something different from officers without uniforms. A secret police is an instrument of the ruling party to oppress opposition and are part of a “justice” system outside of the official one, e.g. secret police can arrest you on whatever charges (don’t have to be revealed) and you’ll be put into a secret prison where your relatives can’t find you. The fact that they don’t wear uniforms goes beyond why regular police goes it: it’s to create an atmosphere of fear that everyone around you could be secret police, and that they can just arrest you, and there’s nothing you can do.

No you’re right, I mixed it up I guess.

I haven’t encountered systemd bugs in NixOS yet. Doesn’t mean they don’t exist - but I can’t confirm the issue.

I run everything on NixOS nowadays and I do think that all of this makes sense, whether the implementation is the best I can’t judge.

Just wanted to make sure my statement wasn’t a criticism on NixOS, the maintainers do a great job. It’s rather taking a jab at the “boring” statement.

Nowadays if I want declarative configuration, I just cram everything into docker containers and write a huge docker-compose.yml for everything that I want to run.

Docker compose is imperative though ;) (if that actually matters is up for debate) - fun fact nix allows you to build containers very easily.

I love how you can set up SSL certificates for nginx with autorenewal just by switching it on in configuration.nix.

How well this all goes together is really one of the strongest points of nix and NixOS. Though just for manageability, I personally wouldn’t put this into configuration.nix, but rather into a file dedicated to the respective service.

NixOS “is boring and iust works” until you want to do something fancy a module author didn’t anticipate and suddenly you find yourself defining functions that use genAttrs on some lists imported from JSON files

I have full IPv6, none of my ports that I haven’t explicitly whitelisted in the firewall can be accessed from the Internet. I can open a host completely, but it’s not default. This is on the most common brand of consumer routers here.

Just because it’s not NATted doesn’t mean there’s no firewall in place.

What’s confusing about wine prefixes apart from the fact that wine itself doesn’t come with a graphical interface to manage them? On a Deck, Steam should handle these for you

I worked in software certification under Common Criteria, and while I do know that it creates a lot of work, there were cases where security has been improved measurably - in the hardware department, it even happened that a developer / manufacturer had a breach that affected almost the whole company really badly (design files etc stolen by a probably state sponsored attacker), but not the CC certified part because the attackers used a vector of attack that was caught there and rectified.

It seemingly was not fixed everywhere for whatever reason… but it’s not that CC certification is just some academic exercise that gives you nothing but a lot of work.

Is it the right approach for every product? Probably not because of the huge overhead power certified version. But for important pillars of a security model, it makes sense in my opinion.

Though it needs to be said that the scheme under which I certified is very thorough and strict, so YMMV.

My router will still block all ports not explicitly allowed for the hosts regardless of protocol, it’s a firewall after all and not just NAT. Just because the host addressable doesn’t mean its ports are reachable.

Testing is actually mandatory, what’s not mandatory though is to do it before deploying.

what’s feurking

An optional step in the développement process

Emacs? When there’s ed? Talk about bloat…

Skylines is ok, it never clicked for me, consider it more of a city painter than a management game… That plus Paradox’ DLC policy made the game quite unattractive to me rather quickly. And it was very car-centric.

Unfortunately, I’m unaware of a serious contender.

l haven’t played Planet Coaster, but my impression was it’s more of a coaster builder than a theme park manager? A lot of “hardcore” players play OpenRCT 2, and for a slightly more modern take on the genre there’s Parkitect. But classic RCT hasn’t been replaced

Could be the kernel itself

Wouldn’t make sense to me because the thread says GNU/Linux and others, though this could relate to Android or distros not using any GNU.

gnupg

Usually not exposed to the network though, but it’s generally a mess so wouldn’t be too surprising

Another candidate I have in mind is ntpd, but again that is usually not easily accessible from outside and not used everywhere, as stuff like systemd-timesyncd exists.

Just want to stress that I’m not sure about it being OpenSSH, it was more supposed to be a fun guess than a certain prediction